one  FILE  COPY  AD-A175  249 


SECURITY  CLASSIFICATION  OF  THIS  PAGE  (When  Da  la  Entered) 


REPORT  DOCUMENTATION  PAGE 


WWfH.  86 -8,  *4 


2.  GOVT  ACCESSION  NO 


4  TITLE  (and  Subtitle) 

A  DEDUCTIVE  APPROACH  TO  COMPUTER  PROGRAMMING 


7.  AUTHORfsJ 

Prof.  Zohar  Manna 


9  PERFORMING  organization  name  and  address 

Department  of  Computer  Science 

Stanford  University 

Stanford,  CA  94305 


II.  CONTI”  ung  office  name  and  address 
United  States  Air  Force 
Air  Force  Office  of  Scientific  Research 
Bldg.  410,Bolling  Air  Force  Base,  Wash.  DC  2(1) 


■  4  MONITORING  AGENCY  NAME  &  ADDRESS  (It  dlHarant  from  Controlling  Olltce) 


c\S  \  \ 


READ  INSTRUCTIONS 
BEFORE  COMPLETING  FORM 


3.  RECIPIENT'S  CATALOG  NUMBER 


5  TYPE  OF  REPORT  A  PERIOD  COVERED 

Final  Scientific  Report 
10/1/84  -  9/30/85 


6.  PERFORMING  ORG.  REPORT  NUMBER 


a  contract  or  grant  number^j 

AFOSR  81-0014 


10.  PROGRAM  ELEMENT.  PROJECT.  TASK 
AREA  «  WORK  UNIT  NUMBERS 

u>\\oa\- 

53oM  /  ftQ 


12.  REPORT  DATE 


<3.  NUMBER  OF  PAGES 

332  5 


15.  SECURITY  CLASS,  (ol  thlm  r.portj 

unclassified 


15a.  DECLASSI  F|  CATION/ DOWN  GRADING 
SCHEDULE 


16  DISTRIBUTION  STATEMENT  (ol  thl,  Report) 


Ar  pro’." 
dlstri: 


■:  fc 
■-t  i-: 


vC  lie  ro lease 

limited. 


17.  DISTRIBUTION  STATEMENT  (of  tha  abstract  an  tar  ad  in  Block  20,  If  dltfarant  from  Raport) 


18.  supplementary  notes 


J  ±  >  •  JO 


19.  KEY  WORDS  (Contlnua  on  ravaraa  aida  It  nacaaaary  and  Idantlty  by  block  numbar ) 


20.  ABSTRACT  (Contlnua  on  ravaraa  aida  If  nacaaamry  and  Idantlty  by  block  numbar) 


DD  ,:°nrm7,  1473  EDITION  OF  1  NOV  65  IS  OBSOLETE 
S/N  0102  LF  014  6601 


SECURITY  CLASSIFICATION  OF  THIS  PAGE  /BRan  Data  tniaradi 


O  Ido  ■  // 


AFOSR.TR.  '86-2 


164 


A  DEDUCTIVE  APPROACH  TO  COMPUTER  PROGRAMMING 


by 

Zohar  Manna 

Professor  of  Computer  Science 
Stanford  University  Stanford,  CA  94305 


Final  Scientific  Report: 

Air  Force  Office  of  Scientific  Research 
Grant  AFOSR-81-0014 
Oct.  1,  1984  -  Sept.  30,  1985 


Summary 

Our  research  was  concentrated  on  the  following  topics: 

•  Special  Relations  in  Automated  Deduction  (Manna  and  Waldinger  [85a][85b]) 

Theorem  provers  have  exhibited  super-human  abilities  in  limited,  obscure  subject  domains 
but  seem  least  competent  in  areas  in  which  human  intuition  is  best  developed.  One  reason  for  this 
is  that  an  axiomatic  formalization  requires  us  to  state  explicitly  facts  that  a  person  dealing  in  a 
familiar  subject  would  consider  too  obvious  to  mention;  the  proof  must  take  each  of  these  facts  into 
account  explicitly.  A  person  who  is  easily  able  to  construct  an  argument  informally  may  be  too 
swamped  in  detail  to  understand,  let  alone  produce,  the  corresponding  formal  proof.  A  continuing 
effort  in  our  research  is  to  make  formal  theorem  proving  more  closely  resemble  intuitive  reasoning. 
One  case  in  point  is  our  treatment  of  special  relations. 

In  most  proofs  of  interest  for  program  synthesis,  certain  mathematical  relations,  such  as  equal¬ 
ity  and  the  orderings,  present  special  difficulties.  These  relations  occur  frequently  in  specifications 
and  in  derivation  proofs.  If  their  properties  are  represented  axiomatically,  proofs  become  lengthy, 
difficult  to  understand,  and  even  more  difficult  to  produce  or  discover  automatically.  Axioms  such 
as  transitivity  have  many  consequences,  most  of  which  are  irrelevant  to  the  proof;  including  them 
produces  an  explosion  in  the  search  space. 

For  the  equality  relation,  the  approach  that  was  adopted  early  on  is  to  represent  its  properties 
with  rules  of  inference  rather  than  axioms.  In  resolution  systems,  two  rules  of  inference,  paramod- 
ulation  (Wos  and  Robinson  [69])  and  E-resolution  (Morris  [69]).  were  introduced.  Proofs  using 
these  rules  are  shorter  and  clearer,  because  one  application  of  a  rule  can  replace  the  application 
of  several  axioms.  More  importantly,  we  may  drop  the  equality  axioms  from  the  clause  set,  thus 
eliminating  their  numerous  consequences  from  the  search  space. 

We  have  discovered  two  rules  of  inference  that  play  a  role  for  an  arbitrary  relation  analogous 
to  that  played  by  paramodulation  and  E-resolution  for  the  equality  relation.  These  rules  apply  to 
sentences  employing  a  full  set  of  logical  connectives;  they  need  not  be  in  the  clause  form  required 
by  traditional  resolution  theorem  provers.  We  intend  both  these  rules  to  be  incorporated  into 
theorem  provers  for  program  synthesis. 


Employing  the  new  special-relations  rules  yields  the  same  benefits  for  an  arbitrary  relation 
as  using  paramodulation  and  E-resolution  yields  for  equality:  proofs  become  shorter  and  more 
comprehensible  and  the  search  space  becomes  sparser. 

•  Binary-Search  Algorithms  (Manna  and  Waldinger  [85c]) 

Some  of  the  most  efficient  numerical  algorithms  rely  on  a  strategy  of  binary  search ;  according 
to  this  strategy,  the  interval  in  which  the  desired  output  is  sought  is  divided  roughly  in  half  at 
each  iteration.  This  technique  is  so  useful  that  some  authors  (e.g.,  Dershowitz  and  Manna  [77]  and 
Smith  [85])  have  proposed  that  a  general  binary-search  paradigm  or  schema  be  built  into  program 
synthesis  systems  and  then  specialized  as  required  for  particular  applications. 

It  is  certainly  valuable  to  store  such  schemata  if  they  are  of  general  application  and  difficult  to 
discover.  This  approach,  however,  leaves  open  the  question  of  how  schemata  are  discovered  in  the 
first  place.  We  have  found  that  the  concept  of  binary  search  appears  quite  naturally  and  easily  in 
the  derivations  of  some  numerical  programs.  The  concept  arises  as  the  result  of  a  single  resolution 
step,  between  a  goal  and  itself. 

The  programs  we  have  produced  in  this  way  (e.g.,  real-number  quotient  and  square  root, 
integer  quotient  and  square  root,  and  array  searching)  are  quite  simple  and  reasonably  efficient 
but  are  bizarre  in  appearance  and  different  from  what  we  would  have  constructed  by  informal 
means.  For  example,  we  have  developed  the  real-number  square-root  program  sqrt(r,  £)  given 
above.  This  program  tests  if  the  error  tolerance  £  is  sufficiently  large;  if  so,  0  is  a  close  enough 
approximation.  Otherwise,  the  program  finds  recursively  an  approximation  within  2£  less  than 
the  exact  square  root.  It  then  tries  to  refine  this  estimate,  increasing  it  by  £  if  the  exact  square 
root  is  large  enough  and  leaving  it  the  same  otherwise. 

This  program  was  surprising  to  us  in  that  it  doubles  a  number  rather  than  halving  it  as  the 
classical  binary-search  program  does.  Nevertheless,  if  the  repeated  occurrences  of  the  recursive  call 
sqrt(r,  2£)  are  combined  by  common-subexpression  elimination,  this  program  is  as  efficient  as  the 
familiar  one  and  somewhat  simpler. 

•  Plan  Formation  in  Situational  Logic  (Manna  and  Waldinger  [85d] ) 

The  deductive-tableau  approach  applies  directly  to  the  synthesis  of  applicative  (or  functional) 
programs,  which  alter  no  data  structures  and  produce  no  other  side  effects.  To  apply  the  same  ap¬ 
proach  to  nonapplicative  programs,  which  may  produce  side  effects,  we  have  employed  a  situational 
logic,  i.e.,  a  system  that  allows  us  to  refer  explicitly  to  the  states  of  a  computation. 

The  situational  logic  we  have  developed  (Manna  and  Waldinger  [81])  fits  well  within  the 
deductive-tableau  framework.  We  include  new  functions,  such  as  val(s,e)  (the  value  of  expression 
e  in  state  s),  s\e  (the  state  produced  by  evaluating  expression  e  in  state  s),  and  new  relations, 
such  as  holds(s,p)  (true  if  the  value  of  sentence  p  is  true  in  state  s,  and  false  otherwise).  These 
are  ordinary  function  and  relation  symbols;  proofs  in  situational  logic  may  employ  the  ordinary 
deductive-tableau  inference  rules. 

We  are  currently  attempting  to  apply  these  techniques  to  problems  in  robot  planning  by 
proving  theorems  in  a  new  formulation  of  situational  logic.  Our  machine-oriented  deductive-tableau 
inference  system  is  adapted  to  this  logic,  with  special  attention  being  paid  to  the  derivation  of 
conditionals  and  recursive  plans.  With  an  implementation  of  the  Fay's  [79]  unification  algorithm 
(see  also  llullot  [80]),  it  has  been  found  possible  to  build  in  equations  and  equivalences  of  the 


situ  oonal  logic.  Inductive  proofs  of  theorems  for  even  the  simplest  planning  problems  have  been 
found  to  require  challenging  generalizations. 

•  Synthesis  of  Concurrent  Programs  (Bengt,  Manna,  Waldinger  [86]) 

The  synthesis  of  concurrent  programs  is  much  more  complicated  than  the  synthesis  of  se¬ 
quential  programs.  In  general,  a  concurrent  program  does  not  have  a  single  input  value  and  a 
single  output  value,  but  receives  several  inputs  and  sends  several  outputs  during  its  execution.  If 
we  consider  sequences  of  input  and  output  values,  then  we  can  specify  a  concurrent  program  by 
giving  a  relation  between  the  sequence  of  input  values  and  the  sequence  of  output  values.  This 
specification  method  is  natural  especially  for  networks  of  deterministic  processes  that  communicate 
asynchronously  by  sending  messages  over  buffered  channels  (see  e.g.  [Kahn  74]).  Deterministic 
data  flow  networks  fall  into  this  category. 

We  developed  a  framework  for  deductive  synthesis  of  such  concurrent  programs.  Since  we 
wanted  to  use  induction  conveniently,  we  considered  only  networks  that  produce  finite  sequences 
of  output  values  when  receiving  finite  sequences  of  output  values. 

•  Nonclausal  Logic  Programming  (Malachi,  Manna  and  Waldinger  [84]  [85],  Malachi  [86]) 

A  deductive- tableau  theorem  prover  can  be  adapted  to  serve  as  the  interpreter  for  a  program¬ 
ming  language  just  as  resolution  theorem  provers  have  been  adapted  to  interpret  the  language 
Prolog.  The  programming  language  tablog  we  obtain  in  this  way  combines  attractive  features 
of  lisp  and  Prolog: 

■  It  allows  the  use  of  equality  in  programs.  (This  is  allowed  in  LISP  but  forbidden  in 

PROLOG.) 

■  Programs  may  define  either  functions  or  relations.  (LISP  programs  must  repre¬ 

sent  relations  as  truth-valued  functions;  PROLOG  programs  must  represent  n-ary 
functions  as  (n  +  l)-ary  relations.) 

■  Pattern  matching  and  backtracking  are  built  in.  (They  are  not  part  of  LISP.) 

In  contrast  to  other  languages  combining  PROLOG  and  lisp  features,  such  as  loglisp  (Robinson 
and  Sibert  [82])  and  qlog  (Komorowski  [79]),  tablog  is  a  single  new  language,  not  a  meld  of  two 
separate  components. 

A  sample  tablog  program,  to  insert  a  number  u  in  its  place  in  an  ordered  list  of  numbers,  is 
as  follows: 

insert{  u,  {  ] )  =  [u] 
insert(u.  vox)  =  if  u  <  v 

then  uo(i'oi) 
else  v  o  insert(u,x) 

Here  [  ]  is  the  empty  list,  [u]  is  the  singleton  list  whose  sole  element  is  u,  and  v  o  x  is  the  result 
of  inserting  ( ‘‘consing” )  the  number  ;  at  the  beginning  of  the  list  x.  We  find  this  program  to  be 
clearer  than  the  corresponding  program  in  either  Lisp  or  PROLOG. 

•  Logic:  The  Calculus  of  Computer  Science 

The  research  papers  in  which  we  have  presented  the  deductive  approach  to  program  synthesis 
has  been  addressed  to  the  customary  advanced  readership  of  the  scholarly  journals.  In  an  effort 


« 

v - 


|  't-  *  ^  •  j*  "  •'  f *  •  V  »  "  *•**■ 


to  make  this  work  accessible  to  a  wider  audience,  including  computer  science  undergraduates  and 
programmers,  we  have  developed  a  more  elementary  treatment  in  the  form  of  a  two- volume  book, 
The  Logical  Basis  for  Computer  Programming ,  Addison-Wesley  (Manna  and  Waldinger  [85]). 

The  book  requires  no  computer  programming  and  no  mathematics  other  than  an  intuitive 
understanding  of  sets,  relations,  functions,  and  numbers;  the  level  of  exposition  is  elementary. 
Nevertheless,  the  text  presents  some  novel  research  results,  including 

■  theories  of  strings,  trees,  lists,  and  finite  sets  and  bags,  particularly  well  suited  to 

theorem-proving  and  program-synthesis  applications; 

■  formalizations  of  parsing,  infinite  sequences,  expressions,  substitutions,  and  unifi¬ 

cation; 

■  a  nonclausal  version  of  skolemization; 

■  a  treatment  of  stepwise  induction  in  the  deductive-tableau  framework. 

7.  Publications 

Malachi,  Y.  [86] 

Nonclausal  logic  programming,  Ph.D.  thesis  (supervised  by  Z.  Manna),  Computer  Science 
Department,  Stanford  University,  Stanford,  CA,  1986. 

Malachi,  Y.,  Z.  Manna,  and  R.  Waldinger  [84] 

Tablog:  The  deductive-tableau  programming  language,  ACM  Symposium  on  lisp  and 
Functional  Programming ,  Austin,  TX,  August  1984,  pp.  323-330. 

Malachi,  Y.,  Z.  Manna,  and  R.  Waldinger  [85] 

tablog:  Functional  and  relational  programming  in  one  framework,  IEEE  software,  Vol. 

2,  No.  1  (January  1986),  pp.  75-76  (invited  abstract). 

Manna,  Z.,  and  R.  Waldinger  [80] 

A  deductive  approach  to  program  synthesis,  ACM  Transactions  on  Programming  Lan¬ 
guages  and  Systems,  Vol.  2,  No.  1,  January  1980,  pp.  90-121. 

Manna,  Z.,  and  R.  Waldinger  [81] 

Problematic  features  of  programming  languages:  a  situational-calculus  approach,  Acta 
Information,  Vol.  16,  1981,  pp.  371-426. 

Manna,  Z.,  and  R.  Waldinger  [85a] 

Special  relations  in  automated  deduction,  Journal  of  the  ACM,  Vol.  33,  No.  1  (Jan.  1986), 
pp.  1-60.  An  abbreviated  version  appears  in  the  Proceedings  of  the  Twelfth  International 
Colloquium  on  Automata.  Languages ,  and  Programming  (ICALP),  Nafplion,  Greece,  July 
1985. 

Manna,  Z.,  and  R.  Waldinger  [85b] 

Deduction  with  relation  matching,  5th  Conference  on  Foundations  of  Software  Technology 
and  Theoretical  Computer  Science,  New  Delhi,  India  (invited  paper),  Lecture  Notes  in 
Computer  Science  206,  Springer- Verlag,  December  1985,  pp.  212-224. 


4 


Manna,  Z.,  and  R.  Waldinger  [85c] 

The  origin  of  the  binary-search  paradigm,  Ninth  International  Joint  Conference  on  Arti¬ 
ficial  Intelligence ,  Los  Angeles,  CA,  August  1985,  pp.  222-224.  Also  to  appear  in  Science 
of  Computer  Programming. 

Manna,  Z.,  and  R.  Waldinger  [85d] 

Plan  formation  in  situational  logic,  Workshop  on  Distributed  Artificial  Intelligence.  Sea 
Ranch,  CA,  December  1985  (invited  paper). 

Manna,  Z.,  and  R.  Waldinger  [85e] 

The  Logical  Basis  for  Computer  Programming,  Addison-Wesley,  Reading,  MA, 

Volume  1:  Deductive  Reasoning  (1985), 

Volume  2:  Deductive  Techniques  (to  appear). 

Jonsson,  B.,  Z.  Manna,  and  R.  Waldinger  [86] 

Towards  deductive  synthesis  of  data-flow  networks,  First  Conference  on  Logic  in  Com¬ 
puter  Science,  Cambridge,  MA  (June  1986). 


June  1984 


Report  No.  STAN-CS-84-1012 


afosr.t*. 


86*2 104 


TABLOG: 

The  Deductive-Tableau  Programming  Language 


by 


Yonathan  Malachi,  Zohar  Manna  and  Richard  Waldinger 


Department  of  Computer  Science 


Stanford  University 
Stanford.  CA  94305 


The  three  titles  should  be  processed  as 
one  report. 

Per  Ms .  Debbie  Tyrell ,  AF0SR/X0TD 


TABLOG: 

The  Deductive- Tableau  Programming  Language 


Yonathan  Malachi 
Zohar  Manna 

Computer  Science  Department 
Stanford  University 

Richard  Waldinger 

Artificial  Intelligence  Center 
SRI  International 


Abstract 

TAB  LOG  (Tableau  Logic  Programming  Language)  is  a  language  based  on  first-order  pred¬ 
icate  logic  with  equality  that  combines  functional  and  logic  programming.  TABLOG  incor¬ 
porates  advantages  of  LISP  and  PROLOG. 

A  program  in  TABLOG  is  a  list  of  formulas  in  a  first-order  logic  (including  equality, 
negation,  and  equivalence)  that  is  more  general  and  more  expressive  than  PROLOG’S  Horn 
clauses.  Whereas  PROLOG  programs  must  be  relational,  TABLOG  programs  may  define 
either  relations  or  functions.  While  LISP  programs  yield  results  of  a  computation  by 
returning  a  single  output  value,  TABLOG  programs  can  be  relations  and  can  produce  several 
results  simultaneously  through  their  arguments. 

TABLOG  employs  the  Manna- Waldinger  deductive-tableau  proof  system  as  an  interpreter 
in  the  same  way  that  PROLOG  uses  a  resolution-based  proof  system.  Unification  is  used 
by  TABLOG  to  match  a  call  with  a  line  in  the  program  and  to  bind  arguments.  The  basic 
rules  of  deduction  used  for  computing  are  nonclausal  resolution  and  rewriting  by  means  of 
equality  and  equivalence. 

A  pilot  interpreter  for  the  language  has  been  implemented. 


This  research  was  supported  in  part  by  the  National  Science  Foundation  under  Grants  MCS-82- 1  1V2T 
MCS-81- 1 1586.  and  MCS-81-0.r).r>6'>,  by  the  Tinted  States  Air  Force  Office  of  Scientific  Research  under 
Grant  AFOSR-81-0014.  by  DARPA  under  Contract  N00.'59-H2-C02r>0.  arid  by  a  grant  front  IBM  Research. 
San  Jose.  California. 

Presented  at  the  ACM  Symposium  on  LISP  and  Functional  Programming.  University  of  Texas  at  Austin. 
August  5  H.  1984 


1.  Introduction 


Logic  programming  [Kowalski  79]  attempts  to  improve  programmer  productivity  by  propos¬ 
ing  logic,  a  human-oriented  language,  as  a  programming  language.  PROLOG,  the  flagship  of 
logic-programming  languages,  based  on  a  resolution  proof  system,  has  a  restricted  syntax. 
TABLOG  is  based  on  a  more  flexible  theorem  prover.  the  deductive-tableau  proof  system 
[Manna  and  Waldinger  80],  which  allows  a  more  intuitive  and  a  richer  syntax.  A  TABLOG 
program  is  a  list  of  assertions  in  [quantifier-free]  first-order  logic  with  equality.  The  execu¬ 
tion  of  a  program  corresponds  to  the  proof  of  a  goal ,  which  produces  the  desired  output(s) 
as  a  side  effect. 

Since  a  particular  procedure  is  specified  by  the  programmer,  and  since  the  proof  taking 
place  is  always  a  proof  of  a  special  case  of  a  theorem — namely,  the  case  for  the  given  input 
the  program  interpreter  does  not  need  all  the  deduction  rules  available  in  the  original 
deductive-tableau  proof  system.  The  theorem  prover  can  be  more  directed,  efficient,  and 
predictable  than  a  theorem  prover  used  for  program  synthesis  or  for  any  other  general- 
purpose  deduction. 

2.  TABLOG  Syntax 

Syntactic  Objects 

The  language  is  that  of  the  quantifier-free  first-order  predicate  logic  w  ith  equality,  consist¬ 
ing  of  the  following: 

•  truth  values:  true,  false. 

•  connectives:  A,  V,  =,  — »  (implies),  <—  (if),  if-then-else. 

•  variables  such  as  u,  v,  xi ,  i/2b- 

•  constants  such  as  a,  fc,  [],  5. 

•  predicates  such  as  =,  prime,  €,  >. 

•  functions  such  as  gcd,  append,  T. 

The  user  must  declare  the  variables,  constants,  functions,  and  predicates  used  in  the 
program:  some  primitive  constants,  functions,  and  predicates  (such  as  0.  [].  +  .  -.  >,  odd) 
are  predefined. 

Note  that  we  use  the  if-then-else  construct,  both  as  a  connective  for  formulas 

if  u  =  []  then  empty(u)  else  sorted(u) 

and  as  an  operator  generating  terms 

gcdlx.  ij)  —  if  x  >  y  then  gcd (x  —  y.  y) 
else  gcd(z,  y-x). 

This,  together  with  *—  (reverse  implication),  enables  the  programmer  to  write  LlsP-style 
as  well  as  PROLOG-style  programs. 


2 


Programs 

A  program  is  a  list  of  assertions  (formulas  in  [quantifier-free]  first-order  logic  with  equality), 
specifying  the  algorithm.  Variables  are  implicitly  universally  quantified. 

Here  is  a  very  simple  program  for  appending  two  lists: 

append([],  v)  =  v 

append(xo  u,  e)  =  joappend(u,  v). 

The  o  symbol  denotes  the  list  insertion  (cons  in  LISP)  operator,  and  []  denotes  the  empty 
list  (nil  in  LISP). 

A  call  to  a  program  is  a  goal  to  be  proved.  Like  the  assertions,  goals  are  formulas 
in  logic,  but  variables  are  implicitly  existentially  quantified.  The  bindings  of  these  vari¬ 
ables  are  recorded  throughout  the  proof  and  become  the  outputs  of  the  program  upon 
termination. 

for  example,  a  call  to  the  append  program  above  might  be 

^  =  append([l,  2,  3],  [a,  b]). 

The  output  of  the  execution  of  this  program  call  will  be 

[1, 2,  3,  a,  b], 

as  expected. 

The  list  construct  (e.g.  [1,2,3])  is  for  convenience  in  expressing  input  and  output,  and 
denotes  the  term  lo (2o (3o [])). 

3.  Examples 

The  following  examples  demonstrate  the  basic  features  of  TABLOG.  The  correctness  of 
these  programs  does  not  depend  on  the  order  of  assertions  in  the  program.  It  is  possible, 
however,  to  write  programs  that  do  take  advantage  of  the  known  order  of  the  interpreter’s 
goal  evaluation,  as  will  be  explained  later. 

In  the  examples,  we  use  jr  and  y  (possibly  with  subscripts)  for  variables  intended  to  be 
assigned  atoms  (integers  in  most  of  the  examples):  u  and  v  (possibly  with  subscripts)  are 
variables  used  for  lists. 

Deleting  a  List  Element 

The  following  program  deletes  all  [top-level]  occurrences  of  an  element  i  from  a  list: 
deleted.  [])  =  [] 

deletefx.  you)  —  (if  x  =  y  then  delete(r.a) 

else  (y°delete(.r.  »)) . 


This  program  demonstrates  the  use  of  equality,  if-then-ebe.  and  recursive  calls.  For  those 
who  prefer  the  PROLOG  style  of  programming,  the  last  line  could  be  replaced  by  assertions: 


deletefx.  rou)  =  deletefx,  u) 
x  y  — *  delete(x.  you)  =  i/odelete(x.  u) 

To  remove  all  occurrences  of  o  from  the  list  [u.6,  u.c]  the  goal 

2  =  delete(o.  [a.  b.  a.  cj) 

is  given  to  the  interpreter. 

Set  Union 

The  following  example,  a  program  to  find  the  union  of  two  sets  represented  by  lists,  demon¬ 
strates  the  use  of  negation,  equivalence  and  if-thtn-else : 

1.  union([],  v)  —  v 

2.  union(xou,  v)  =  if  member(x,  v) 

then  union(u,  v) 
else  (jounion(u,  u)) 

3.  -'member(x,  []) 

4.  member (x,  you)  —  ((x  =  y)  V  member(x,  it)) 


Lines  1  and  2  define  the  union  function.  Line  1  defines  the  union  of  the  empty  set 
with  another  set,  and  line  2  asserts  that  the  head  x  of  the  first  set  xo  u  should  be  inserted 
into  the  union  if  it  is  not  already  in  the  second  set  v. 

Lines  3  and  4  define  the  member  relation.  Line  3  specifies  that  no  element  is  a  member 
of  the  empty  set,  and  line  4  defines  how  to  test  recursively  membership  in  a  nonempty 
set. 

Factorial 

The  following  program  will  compute  the  factorial  of  a  nonnegative  integer  x: 

fact(O)  =  1 

fact(x)  =  x  *  fact(x  -  1)  —  x  >  1 

The  corresponding  PROLOG  program  will  be 


factp(0.  1 
factpfx.  c 


X|  is  x-  1  A  factptx] . ;/)  A  2  is  x  *  //. 


The  is  construct  is  used  in  pkoi.oo  to  force  the  evaluation  nf  an  arithmetic  expression. 


v* ’.V  V*  ■v'* 


Quicksort 


Here  is  a  TABLOG  program  that  uses  quicksort  to  sort  a  list  of  numbers.  It  combines  a 
PROLOG-style  relational  subprogram  for  partitioning  with  a  LISP-style  functional  subpro¬ 
gram  for  sorting. 

1  qsortf  [  ])  = 

2  qsort(.rou)  =  append(qsort(iq ).  j"oqsort(uo)) 

—  partition!/,  a,  tq  .  ug) 

3.  partition!/.  [].[].[]) 

-l  partition!/,  j/ou.you,,^) 

— -  y<x  A  partition!/,  a,  rq ,  U2) 

5.  partition!  j.  yo  a,  ai ,  yo  u2) 

<—  y>x  A  partition!/,  a,  ui ,  U2) 

The  assertions  in  lines  1  and  2  form  the  sorting  subprogram.  Line  1  asserts  that  the 
empty  list  is  already  sorted.  Line  ?  specifies  that,  to  sort  a  list  xo a,  with  head  x  and  tail 
a.  one  should  append  the  sorted  version  of  two  sublists  of  a,  a!  and  U2  .  and  insert  the 
element  x  between  them;  the  two  sublists  u\  and  U2  are  determined  by  the  subprogram 
partition  to  be  the  elements  of  a  less  than  or  equal  to  x  and  greater  than  x,  respectively. 

The  assertions  in  lines  3  to  5  specify  how  to  partition  a  list  according  to  a  partition 
element  x.  Line  3  discusses  the  partitioning  of  the  empty  list,  while  lines  4  and  5  treat  the 
case  in  which  the  list  is  of  the  form  you.  Line  4  is  for  the  case  in  which  y,  the  head  of  the 
list,  is  less  than  or  equal  to  x ;  therefore,  y  should  be  inserted  into  the  list  u\  of  elements 
not  greater  than  x.  Line  5  is  for  the  alternative  case. 

The  append  function  for  appending  two  lists  was  defined  earlier. 

4.  Comparison  with  PROLOG 

Functions  and  Equality 

While  PROLOG  programs  must  be  relations.  TABLOG  programs  can  be  either  relations  or 
functions.  The  availability  of  functions  and  equality  makes  it  possible  to  write  programs 
more  naturally.  The  functional  style  of  programs  frees  the  programmer  from  the  need  to 
introduce  many  auxiliary  variables. 

We  can  compare  the  PROLOG  and  TABLOG  programs  for  quicksort.  In  TABLOG,  the 
program  uses  the  unary  function  qsort  to  produce  a  value,  whereas  a  PROLOG  program  is 
a  binary  relation  qsoitp:  the  second  argument  is  needed  to  hold  the  output. 

The  second  assertion  in  the  TABLOG  program  is 

qsortf/oa)  =  appendfqsortf  jq  ).  /oqsortfug  )) 

— -  partition!/.  it.  iq  .  u2 ) 


'•  * r-  >  h  »  K  a  g 


^  »  A  A*. 


The  corresponding  clause  in  the  PROLOG  program  will  be  something  like 

qsortp(xo  u,  z)  —  partition^,  u,  ui ,  112)  A 
qsortp(ui ,  z\ )  A 
qsortp(it2,  z?)  A 
appendp(2i  ,1022,2). 

The  additional  variables  Z\  and  22  are  required  to  store  the  results  of  sorting  ii\  and  u_> . 
This  demonstrates  the  advantage  of  having  functions  and  equality  in  the  language.  Note 
that,  although  function  symbols  exist  in  PROLOG,  they  are  used  only  for  constructing  data 
structures  (like  TABLOG’s  primitive  functions)  and  are  not  reduced. 

Negation  and  Equivalence 

In  PROLOG,  negation  is  not  available  directly;  it  is  simulated  by  finite  failure.  To  prove 
not(P).  PROLOG  attempts  to  prove  P\  not{P)  succeeds  if  and  only  if  the  proof  of  P  fails. 
In  TABLOG.  negation  is  treated  like  any  other  connective  of  logic.  Therefore,  we  can  prove 
formulas  such  as  ->member(l,  [2, 3]). 

The  TABLOG  union  program,  described  earlier,  uses  both  equivalence  and  negation: 
union([].  v)  =  v 

union(xou.  v)  =  if  member(i,  r) 

then  union(u,  v) 
else  (xounion(u,  i')) 

~>member(x,  [  ]) 

member(x,  you)  =  (x  =  y)  V  member(x,  u). 

Here  is  a  possible  PROLOG  implementation  of  the  same  algorithm: 

unionpfxou.  y,  2)  <—  memberp(i.r)  A  unionp(u,  t\  z) 
unionp(xo  u ,  v,  xo 2)  unionp(u,  v.  z) 
unionp([j.  v,  r) 

memberp(x,  xo«) 

memberp(x,  you)  memberp(x,  u). 

Changing  the  order  of  the  first  two  clauses  in  the  PROLOG  program  will  result  in  an 
incorrect  output;  the  second  clause  is  correct  only  for  the  case  in  which  x  is  not  a  member 
of  v.  The  TABLOG  assertions  can  be  freely  rearranged;  this  suggests  that  all  of  them  can 
be  matched  against  the  current  goal  in  parallel,  if  desired. 

Unification 

The  unification  procedure  built  into  PROLOG  is  not  really  unification  (e.g.,  as  defined 
in  [Robinson  65]);  it  does  not  fail  in  matching  an  expression  against  one  of  its  proper 


subexpressions  since  it  lacks  an  occur-check.  When  a  theorem  prover  is  used  as  a  program 
interpreter,  the  omission  of  the  occur-check  makes  it  possible  to  generate  cyclic  expressions 
that  may  not  correspond  to  any  concrete  objects. 

The  unification  used  by  the  TABLOG  interpreter  does  include  an  occur-check,  so  that 
only  theorems  can  indeed  be  proved. 

5.  Comparison  with  LISP 

LISP  programs  are  functions,  each  returning  one  value;  the  arguments  of  a  function  must 
be  bound  before  the  function  is  called.  In  TABLOG.  on  the  other  hand,  programs  can  be 
either  relations  or  functions,  and  the  arguments  need  not  be  bound;  these  arguments  will 
later  be  bound  by  unification. 

We  can  illustrate  this  with  the  quicksort  program  again,  concentrating  on  the  partition 
subprogram.  In  TABLOG,  w'e  have  seen  how  to  achieve  the  partition  by  a  predicate  with 
four  arguments,  two  for  input  and  tw'o  for  output: 

1.  partition(.r,  [],[].[]) 

2.  partition(x.  yo  u,  yo  u\ ,  u-j) 

*—  y  <  x  A  partition(x,  u,  u\ ,  u-j) 

:l  partition(x,  y o  u,  ui ,  yo  u2) 

* —  y  >  x  A  partition(x,  u,  U\ .  1/2) 

The  definition  of  the  program  partition  is  much  shorter  and  cleaner  than  the  corre¬ 
sponding  LISP  program: 

highpart(x,  u)  <= 

if  null(u)  then  nil 

else-if  x  >  car (u)  then  highpart(x,cdr(u)) 
else  cons(car( u).  highpart(x,  cdr(u))) 

lowpart(x.u)  <= 

if  null(  u)  then  nil 
else-if  x  >  car(u) 

then  cons(car(u), lowpart(x, cdr(u))) 
else  lowpart(  x.  cdr(  a) ). 

\\('  can  generate  the  two  sublists  in  LISP  simultaneously,  but  this  will  require  even  more 
pairing  and  decomposition. 

Note  that  unification  also  gives  us  “free”  decomposition  of  the  list  argument  into  its 
head  and  tail;  in  the  Lisp  program,  this  decomposition  requires  explicit  calls  to  the  func¬ 
tions  car  and  cdr. 


6.  The  Deductive- Tableau  Proof  System 

In  this  section,  we  give  a  brief  summary  of  the  Manna- Waldinger  deductive-tableau  proof 
system  [Manna  and  Waldinger  80  and  82],  This  proof  system  is  used  as  the  TABLOG 
interpreter.  We  describe  only  the  deduction  rules  actually  employed  in  it. 

A  deductive  tableau  consists  of  rows,  each  containing  either  an  assertion  or  a  goal.  The 
assertions  and  goals  (both  of  which  we  refer  to  by  the  generic  name  entries)  are  first-order 
logic  formulas;  the  theorem  is  proved  by  manipulating  them.  The  declarative  or  logical 
meaning  of  a  tableau  is  that,  if  every  instance  of  all  the  assertions  is  true,  then  some 
instance  of  at  least  one  of  the  goals  is  true.  The  assertions  in  the  tableau  are  like  clauses 
in  a  standard  resolution  theorem  prover — but  they  can  be  arbitrary  first-order  formulas, 
not  just  disjunctions  of  literals. 

The  theorem  to  be  proved  is  entered  as  the  initial  goal.  A  proof  is  constructed  by  adding 
new  goals  to  the  tableau,  using  deduction  rules,  in  such  a  way  that  the  final  tableau  is 
semantically  equivalent  to  the  original  one.  The  proof  is  complete  when  we  have  generated 
the  goal  true. 

Deduction  Rules 

The  basic  rules  used  for  the  program  execution  task  are  the  following: 

•  Sonelausal  Resolution:  This  generalized  resolution  rule  allows  removal  of  a  subfor¬ 

mula  P  from  a  goal  $[P]  by  means  of  an  appropriate  assertion  A[P).  Resolving 
the  goal 

5[P] 

with  the  assertion 

X[P|, 

provided  that  F  and  P  are  unifiable,  i.e. ,  P0  =  P9  for  some  (most-general)  unifier 
6 ,  we  get  the  new  goal 

not(A' [false])  A  Q'[true\, 

where  A1  [false]  is  A9  after  all  occurrences  of  PO  have  been  replaced  by  false ,  and 
similarly  for  §'\true\.  This  deduction  rule  can  be  justified  by  case  analysis. 

The  choice  of  the  unified  subformulas  is  governed  by  the  polarity  strategy  [Murray 
82].  A  subformula  has  positive  polarity  if  it  occurs  within  an  even  number  of 
(explicit  or  implicit)  negations,  and  has  negative  polarity  if  it  occurs  within  an 
odd  number  of  negations.  (An  assertion  has  an  implicit  negation  applied  to  it.)  A 
subformula  can  occur  both  positively  and  negatively  in  a  formula.  According  to 
the  polarity  strategy,  the  subformula  P  will  be  replaced  by  false  only  if  it  occurs 
with  negative  polarity  and  the  subformula  Q  will  be  replaced  by  true  only  if  it 
occurs  with  positive  polarity. 

•  Equality  Rule:  An  asserted  [possibly  conditional]  equality  of  two  terms  can  be  used 

to  replace  one  of  the  terms  with  the  other  in  a  goal.  If  the  asserted  equality  is 
conditional,  the  conditions  are  added  to  the  resulting  goal  as  conjunct s. 


Thus,  suppose  the  assertion  is  of  the  form 

Ms  =  *1 

and  the  goal  is 

91*1 

where  s  and  s  are  unifiable.  i.e..  s0  =  s0  for  some  unifier  0.  Then  we  get  the  new 
goal 

not{A'[false ])  A 

where  A1  [fake]  is  A0  after  all  occurrences  of  the  equality  s0  =  t0  (which  should 
occur  with  negative  polarity)  have  been  replaced  by  false ,  and  where  is  Q 0 

after  the  replacement  of  all  occurrences  of  the  term  s0  by  t0. 

The  reftexivity  axiom  for  equality  x  =  x  is  implicitly  included  among  the  asser¬ 
tions  of  every  tableau. 

•  Equivalence  Rule:  The  replacement  of  one  subformula  by  another  asserted  to  be 

equivalent  to  it.  This  is  completely  analogous  to  the  equality  rule  except  that  we 
replace  atomic  formulas  rather  than  terms,  using  equivalence  rather  then  equality. 

•  Simplification:  The  replacement  of  a  formula  by  an  equivalent  but  simpler  formula. 

Both  propositional  and  arithmetic  simplification  are  performed  automatically  by 
the  TAB  LOG  interpreter. 

While  nonclausal  resolution  and  the  equivalence  rule  can  be  performed  unifying  arbi¬ 
trary  subformulas,  the  TABLOG  interpreter  applies  these  deduction  rules  unifying  atomic 
subformulas  only. 

7.  Program  Semantics 

The  logical  interpretation  of  a  tableau  containing  a  TABLOG  program  and  a  call  to  it  is 
the  logical  sentence  associated  with  the  tableau:  the  conjunction  of  the  universal  closures 
of  the  assertions  implies  the  existential  closure  of  the  goal. 

The  desired  goal  is  reduced  to  true  by  means  of  the  assertions  and  the  deduction  rules. 
The  variables  are  bound  when  subexpressions  of  the  goal  (or  derived  subgoals)  are  unified 
with  subexpressions  of  the  assertions.  The  order  of  the  reduction  is  explained  in  the  next 
section.  The  output  of  the  program  is  the  final  binding  of  the  variables  of  the  original  goal. 

We  distinguish  between  defined  functions,  whose  semantics  is  defined  by  the  user  pro¬ 
gram.  and  primitive  functions,  which  are  either  data  constructors  (e.g.,  o),  or  are  built-in 
and  have  their  semantics  defined  by  attached  procedures  in  the  simplifier;  for  example,  an 
expression  like  (2  +  x  +  5)  o  [  ]  is  considered  primitive  and  will  be  automatically  simplified 
to  (x  +  7)o[j. 

As  in  PROLOG,  variables  are  local  to  the  assertion  or  goal  in  which  they  appear.  Re¬ 
naming  of  variables  is  done  automatically  by  the  interpreter  when  there  is  a  collision  of 
names  between  the  goal  and  assertion  involved  in  a  derivation  step. 

The  variables  of  the  original  goal  are  the  output  variables.  The  interpreter  keeps  their 
binding  throughout  the  derivation;  the  same  variable  name  can  be  used  for  a  different 
purpose  in  other  assertions  or  goals. 


9 


8.  Program  Execution 

Every  line  in  a  program  is  an  assertion  in  the  tableau:  a  call  to  the  program  is  a  goal  in 
the  same  tableau. 

The  tableau  system  provides  us  with  deduction  rules  but  with  no  specific  order  in 
which  to  apply  them.  To  use  it  as  a  programing  language,  we  have  to  specify  the  order  of 
application  both  for  predictability  and  for  efficiency. 

The  proof  system  is  used  to  execute  programs  in  a  way  analogous  to  the  inversion 
of  a  matrix  by  linear  operations  on  its  rows,  where  we  simultaneously  apply  the  same 
transformations  to  the  matrix  to  be  inverted  and  to  the  identity  matrix.  In  the  program 
execution  process,  we  start  with  a  tableau  containing  the  assertions  of  the  program  and  a 
goal  calling  this  program;  we  apply  the  same  substitutions  (obtained  by  unification)  to  the 
current  subgoal  and  to  the  binding  of  the  output  variables.  A  matrix  inversion  is  complete 
when  we  reduce  the  original  matrix  to  the  identity  matrix:  in  TAB  LOG  we  are  done  when 
we  have  reduced  the  original  goal  to  true.  At  this  point,  the  result  of  the  computation  is 
the  final  binding  of  the  output  variables. 

Although  in  the  declarative  (logical)  semantics  of  the  tableau  the  order  of  entries  is 
immaterial,  the  procedural  interpretation  of  the  tableau  as  a  program  takes  this  order  into 
account:  changing  the  order  of  two  assertions  or  changing  the  order  of  the  conjuncts  or 
disjuncts  in  an  assertion  or  a  goal  may  produce  different  computations. 

The  user  for  his  part,  has  to  specify  an  algorithm  by  employing  the  predefined  order  of 
evaluation  of  the  tableau.  At  each  step  of  the  execution,  one  basic  expression  (a  nonvariable 
term  or  an  atomic  formula)  of  the  current  goal  is  reduced.  The  expression  to  be  reduced  is 
selected  by  scanning  the  goal  from  left  to  right.  The  first  (leftmost)  basic  expression  that 
has  only  primitive  arguments  ( i.e. .  that  contain  only  variables,  constants,  and  primitive 
functions)  is  chosen  and  reduced,  if  possible.  Matching  the  selected  expression  against 
assertions  is  done  in  order  of  appearance. 

This  is  best  explained  with  an  example: 

To  sort  the  list  [2,  1.4.3]  using  quicksort,  we  write  the  goal 

^  =  qsort([2, 1,4,3]). 

To  execute  this  goal,  the  expression  chosen  for  reduction  will  be  the  term  qsort([2, 1,4,3]). 
i.e.,  qsort(2o[l,  4,3]).  This  term  unifies  with  the  leftmost  term  qsort(rou)  in  the  second 
assertion  of  the  quicksort  program, 

qsort(xou)  =  append ( qso rt (iq  ), xoqsort(u2 )) 

—  partition(x,  u,  u\ ,  u2). 

According  to  the  equality  rule,  it  will  be  replaced  by  the  corresponding  instance  of  the 
right-hand  side  of  the  equality;  this  is  done  only  after  the  unifier 


is  applied  to  both  the  goal  and  the  assertion.  The  occurrence  of  the  equality 
qsort(2o[i,4,3])  =  append(qsort(ui ),  2oqsort(u2 )) 
is  replaced  by  false  in  the  [modified]  assertion,  the  occurrence  of  the  term 


qsort(2o  [1. 4, 3]) 


is  replaced  by  the  term 


append(qsort(ui ),  2oqsort(u2)) 

in  the  (modified)  goal,  and  a  conjunction  is  formed,  obtaining 
not{false  *—  partition(2,  [1, 4, 3],  ii\ ,  112)  A 

c  =  append(qsort(u( ).  2oq8ort(ti2)) 

This  formula  can  be  reduced  by  the  simplifications 

( false  <—  P)  =>  not  P 


not{not  P)  =>  P 


to  obtain  the  new  goal 


partition(2,  [1,4,3],  uj ,  U2)  A 
^  =  append(qsort(ui ),  2oqsort(«2))- 

Continuing  with  this  example,  we  now  have  a  case  in  which  the  expression  to  be  reduced 
is  an  atomic  formula,  namely. 


partition(2,  [1,  4, 3],  iq ,  U2). 

This  atomic  formula  is  unifiable  with  a  subformula  in  the  second  assertion  of  the  partition 
subprogram  (with  variables  renamed  to  resolve  collisions) 

partitionfj-,  yon,  y o  u:f .  U4 ) 

*—  t/ <  x  A  partition(x,  u,  U3,  U4). 

Nonclausal  resolution  is  now  performed  to  further  reduce  the  current  goal.  The  unifier 
{x  2,  y  —  1.  u  <—  [4,3],  uj  <—  1  0U3,  u2  u4  } 


is  applied  to  both  the  assertion  and  the  goal;  the  formula 

partition(2,  [1,4,3],  1  o?/;!,  «.,) 


is  replaced  by  false  in  the  [modified]  assertion  and  by  true  in  the  goal.  Once  again  a 
conjunction  is  formed  and  the  new  goal  generated  (after  simplification)  is 

partition(‘2.  [4. 3].  u3.  u4)  A 
z  =  append(qsort(lou3),  2oqsort(w.i))- 
Eventually  we  reach  the  subgoal 
z  =  [1,2, 3, 4], 

where  the  right-hand  side  of  the  equality  contains  only  primitive  functions  and  constants. 
The  execution  then  terminates  and  the  desired  output  is 

[1.2.3, 4], 

Note  that  some  functions  and  predicates  (e.g..  o  in  this  example)  are  predefined  to  be 
primitive:  an  expression  in  which  such  a  symbol  is  the  main  operator  is  never  selected  to 
be  reduced,  although  its  subexpressions  may  be  reduced. 

Backtracking 

If  the  selected  expression  cannot  be  reduced,  the  search  for  other  possible  reductions  is 
done  by  backtracking. 

In  PROLOG  each  goal  is  a  conjunction,  so  all  the  conjuncts  must  be  proved:  this  means 
that,  when  facing  a  dead  end,  we  have  to  undo  the  most  recent  binding  and  try  other 
assertions. 

In  TAB  LOG  the  situation  is  more  complex:  each  goal  (and  each  assertion)  is  an  arbi¬ 
trary  formula,  so  it  is  possible  to  satisfy  it  without  satisfying  all  its  atomic  subformulas. 
Therefore,  when  the  TABLOG  interpreter  fails  to  find  an  assertion  that  reduces  some  basic 
expression,  it  tries  to  reduce  the  next  expression  that  can  allow'  the  proof  to  proceed.  In 
the  case  in  which  the  expression  that  cannot  be  reduced  is  ‘essential"  (for  example,  a  con¬ 
junct  in  a  conjunctive  goal),  no  other  subexpression  will  be  attempted  and  backtracking 
will  occur. 

During  backtracking,  the  goal  from  which  the  current  goal  was  derived  becomes  the  new- 
current  goal,  but  the  next  plausible  assertion  is  used.  This  is  similar  to  the  backtracking 
used  in  PROLOG. 

The  Implementation 

A  prototype  interpreter  for  TABLOG  is  implemented  in  MAC  LISP.  The  implemented  system 
serves  as  a  program  editor,  debugger,  and  interpreter.  All  the  examples  mentioned  in  this 
paper  have  been  executed  on  this  interpreter. 

The  backtracking  mechanism  provides  a  simple  way  of  changing  the  interpreter  so 
that  lazy  evaluation  can  be  employed  i.e..  so  that  attempts  can  be  made  to  evaluate 
expressions  even  if  they  have  nonprimitive  arguments. 

Because  the  interpreter  is  built  on  top  of  a  versatile  theorem-proving  system,  the  exe¬ 
cution  of  programs  is  relatively  slow.  The  interpreter  now  handles  complicated  cases  that 
might  arise  in  a  more  general  theorem-proving  task,  but  will  never  occur  in  TABLOG.  We 
hope  that  performance  will  be  improved  considerably  by  tuning  the  simplifier  and  utilizing 
tricks  from  PROLOG  implementations  to  make  the  binding  of  variables  faster. 


9.  Related  Research 


Logic  programming  has  become  a  fashionable  research  topic  in  recent  years.  Most  of  the 
research  relates  to  PROLOG  and  its  extensions.  We  mention  here  some  of  the  work  that 
has  been  done  independently  of  TABLOG  to  generate  languages  similar  to  TABLOG  in  their 
intention  and  capabilities. 

While  the  deductive-tableau  theorem  prover  used  for  TABLOG  execution  is  based  on 
a  generalized  resolution  inference  rule.  [Haridi  81],  [Haridi  and  Sahlin  83],  and  [Hansson, 
Haridi.  and  Tarnlund  82]  describe  a  programming  language  based  on  a  natural-deduction 
proof  system.  They  do  allow'  quantifiers  and  other  connectives  in  the  language  but  the 
syntax  of  their  assertions  is  somewhat  restricted. 

[Kornfeld  83]  extends  PROLOG  to  include  equality;  asserting  equality  between  two  ob¬ 
jects  in  his  language  causes  the  system  to  unify  these  objects  when  regular  unification  fails. 
This  makes  it  possible  to  unify  objects  that  differ  syntactically.  Kornfeld  treats  only  Horn 
clauses  and  does  not  introduce  any  substitution  rule  either  for  equality  or  for  equivalence. 

[Tamaki  84]  extends  PROLOG  by  introducing  a  reducibility  predicate,  denoted  by  t>. 
This  predicate  has  semantics  similar  to  the  way  TABLOG  uses  equality  for  rew-riting  terms. 
This  work  also  includes  /- symbols  and  d-symbols  that  are  analogous  to  TABLOG’s  distinction 
between  defined  and  primitive  functions.  The  possible  nesting  of  terms  is  restricted  and 
programs  must  be  in  Horn  clause  form. 

OBJ  [Goguen,  Meseguer,  and  Plaisted  82]  is  also  related  to  logic  programming.  It  is 
based,  however,  on  the  algebraic  semantics  of  abstract  data  types  and  equational  theory 
rather  than  on  [resolution-based]  theorem  proving  in  first-order  logic.  OBJ  1  is  an  advanced 
implementation  of  the  language  that  allows  parameterized  and  hierarchical  programming. 
OBJ  1  includes  system  features  for  convenience  and  efficiency;  it  uses  one-way  pattern 
matching  to  apply  rewrite  rules  rather  than  two-way  unification.  [Goguen  and  Meseguer 
84]  describes  EQLOG,  the  extension  of  OBJ  to  include  unification  and  Horn  clauses. 

There  are  PROLOG  systems,  such  as  LOGLISP  [Robinson  and  Sibert  82]  and  QLOC 
[Komorowski  79  and  82]  that  are  implemented  within  LISP  systems.  These  systems  allow 
the  user  to  invoke  the  PROLOG  interpreter  from  within  a  LISP  program  and  vice  versa.  In 
TABLOG,  however,  LISP-like  features  and  PROLOG-like  features  coexist  peacefully  in  the 
same  framework  and  are  processed  by  the  same  deductive  engine. 

10.  Conclusions  and  Discussion 

The  TABLOG  language  is  a  new  approach  to  logic  programming:  instead  of  patching  up 
PROLOG  with  new  constructs  to  eliminate  its  shortcomings,  we  suggest  a  more  powerful 
deductive  engine. 

The  combination  in  TABLOG  of  unification  as  a  binding  mechanism,  equality  for  speci¬ 
fying  functions,  and  first-order  logic  for  specifying  predicates  creates  a  rich  language  that 
is  clean  from  a  logical  point  of  view.  As  a  consequence,  programs  correspond  to  our  intu¬ 
ition  and  are  easier  to  write,  read,  and  modify  We  can  mix  Lisp-style  and  PROLOG-st  vie 
programming  and  use  whichever  is  more  convenient  for  the  problem  or  subproblem. 


By  restricting  the  general-purpose  deductive-tableau  theorem  prover  and  forcing  it  to 
follow  a  specific  search  order,  we  have  made  it  suitable  to  serve  as  a  program  interpreter; 
the  specific  search  order  makes  it  both  more  predictable  and  more  efficient  than  attempting 
to  apply  the  deduction  rules  arbitrarily. 

While  the  theorem  prover  supports  reasoning  with  quantified  formulas  [Manna  and 
Waldinger  82;  Bronstein  83],  the  ramifications  of  including  quantifiers  in  the  language 
are  still  under  investigation.  Quantifiers  would  certainly  enhance  the  expressive  power 
of  TABLOG.  but  we  believe  that  they  are  more  suited  to  a  specification  language  than  a 
programming  language. 

It  seems  very  natural  to  extend  TABLOG  to  parallel  computation.  The  inclusion  of  real 
negation  makes  it  possible  to  write  programs  that  do  not  depend  on  the  order  of  assertions. 

The  extension  of  TABLOG  to  support  concurrent  programs  is  being  pursued.  If  the 
conditions  of  the  assertions  are  disjoint,  several  assertions  can  be  matched  against  the 
current  subgoal  in  parallel.  In  addition,  disjunctive  goals  can  be  split  between  processes. 
If  there  are  no  common  variables,  conjuncts  can  be  solved  in  parallel;  otherwise  some  form 
of  communication  is  required. 

The  or -parallelism  and  and-parallelism  suggested  for  PROLOG  are  applicable  for  TAB- 
LOG  as  well.  The  or-parallelism  of  PROLOG  relates  to  matching  against  many  assertions; 
in  TABLOG  or-parallelism  is  possible  within  every  goal,  since,  for  example,  goals  can  be 
disjunctive.  In  TABLOG  can  other  forms  of  parallelism  can  be  applied  to  nested  function 
calls. 

Acknowledgments 

Thanks  are  due  to  Martin  Abadi,  Yoram  Moses,  Oren  Patashnik,  Jon  Traugott,  and  Joe 
Weening  for  comments  on  various  versions  of  this  paper.  We  are  especially  indebted  to 
Bengt  Jonsson  and  Frank  Yellin  for  reading  many  versions  of  the  manuscript  and  providing 
insightful  comments  and  suggestions. 

References 

[Bronstein  83] 

A.  Bronstein,  ‘'Full  quantification  and  special  relations  in  a  first-order  logic  theorem 
prover,"  programming  project,  Computer  Science  Department,  Stanford  University, 
1983. 

[Clark  and  Tarnlund  82] 

K.  L.  Clark  and  S.-A.  Tarnlund  (editors).  Logic  Programming ,  Academic  Press  (1982). 
A  P  IC.  Studies  in  Data  Processing  No.  16. 

[Goguen  and  Meseguer  84] 

J.  Goguen  and  J.  Meseguer,  “Equality,  types,  modules  and  generics  for  logic  pro¬ 
gramming."  in  Proceedings  of  the  Second  International  Logic  Programming  Conference , 
Uppsala.  Sweden.  July  2-6,  1984. 


[Goguen,  Meseguer.  and  Plaisted  82] 

J.  Goguen.  J.  Meseguer.  and  D.  Plaisted.  “Programming  with  parameterized  abstract 
objects  in  OBJ,"  in  Theory  and  Practice  of  Software  Technology ,  edited  by  D.  Ferrari, 
M.  Bolognani,  and  J.  Goguen,  North-Holland.  1982. 

[Hansson.  Haridi.  and  Tarnlnnd  82] 

A.  Hansson.  S.  Haridi.  and  S.-A.  Tarnlnnd.  Properties  of  a  Logic  Programming  Lan¬ 
guage."  in  [Clark  and  Tarnlnnd  82]. 

[Haridi  81] 

S.  Haridi.  “Logic  programming  based  on  a  natural  deduction  system."  Ph.D.  Thesis, 
Department  of  Telecommunication  Systems  and  Computer  Science,  The  Royal  Institute 
of  Technology.  Stockholm.  Sweden.  1981. 

I  Haridi  and  Sahlin  83] 

S.  Haridi  and  D.  Sahlin,  “Evaluation  of  logic  programs  based  on  natural  deduction," 
Technical  report  RITA-CS-8305  B.  Department  of  Telecommunication  Systems  and 
Computer  Science.  The  Royal  Institute  of  Technology.  Stockholm.  Sweden.  1983. 

Komorowski  791 

H.  J.  Komorowski.  “The  QLOG  Interactive  Environment."  Technical  Report  LITH- 
MAR-R-79- 19.  Informatics  Lab,  Linkopping  Lhiiversity.  Sweden.  August  1979. 

[Komorowski  82] 

H.  J.  Komorowski.  “QLOG  The  Programming  Environment  for  Prolog  in  LISP,"  in 
[Clark  and  Tarnlnnd  82] 

[Kornfeld  83] 

\V.  Kornfeld.  "Equality  for  Prolog,"  in  Proceedings  of  the  Eighth  International  Joint 
Conferenct  on  Artificial  Intelligence,  Karlsruhe.  West  Germany,  August  1983. 

[Kowalski  79; 

R.  Kowalski.  Logic  for  Problem  Solving.  North-Holland,  1979. 

Manna  and  Waldinger  80] 

/..  Manna  and  R.  Waldinger.  "A  deductive  approach  to  program  synthesis."  A('M 
Transaction^  on  Programming  Languages  and  Systems ,  Vol.  2,  No.  !.  pp.  92  121.  .Jan¬ 
uary  1980. 

Manna  and  Waldinger  82] 

Z  Manna  and  R.  Waldinger.  “Special  relations  in  program-synthetic  deduction."  De¬ 
partment  of  Computer  Science.  Technical  Report  No.  STAN-CS-82-902,  Stanford  Uni¬ 
versity  To  appear  in  Journal  of  the  ACM. 

Murray  82 

N  V  Murray.  "Completely  nonclausal  theorem  proving,"  Artificial  Intelligence,  Vol. 
18.  No.  1 .  pp  07  8a. 

Robinson  On] 

.1  A  Robinson.  A  machine-oriented  logic  based  on  the  resolution  principle,"  Journal 
of  tin  .1  CM.  Vol.  12.  No.  1.  .Jan  1903.  pp.  23  11. 


15 


[Robinson  and  Sibert  82] 

J.  A.  Robinson  and  E.  E.  Sibert,  “LOGLISP:  and  alternative  to  PROLOG,”  in  Machine 
Intelligence  10 ,  J.  E.  Hayes,  D.  Michie,  and  Y-H  Pao  editors,  Ellis  Horwood  Ltd., 
Chichester,  1982. 

[Tamaki  84] 

H.  Tamaki,  “Semantics  of  a  logic  programming  language  with  a  reducibility  predicate,” 
Proceedings  of  the  IEEE  Logic  Programming  Conference,  Atlantic  City,  February  1984. 


March  1985 


Report  No  ST  A  V(  S  85  1044 


AFOSR.TR.  86-2  i  64 


#■ 


The  Origin  of  the  Binary-Search  Paradigm 


by 


Zohar  Manna 
Richard  Waldingcr 


Department  of  Computer  Science 

Stanford  University 
Stanford.  CA  94305 


■'■O'vvw 


.  A  A 

i 


THE  ORIGIN  OF  THE  BINARY-SEARCH  PARADIGM 


ZOHAR  MANNA 
(Computer  Science  Department 
Stanford  University 
Stanford,  CA  94305 


RICHARD  WALDINCER 
Artificial  Intelligence  Center 
SRI  International 
Menlo  Park,  CA  94025 


ABSTRACT 


In  a  binary-search  algorithm  ldr  llie  computation  of  a  imincnca!  function,  the  interval  in  wliicli 
the  desired  output  is  sought  is  divided  m  half  at  each  iteration.  The  [wiper  considers  liow  such 
algorithms  might  he  derived  from  t  heir  specific  at  ions  by  an  automatic  program-synthesis  system. 
The  derivation  of  the  binary-search  concept  lias  been  found  to  be  surprisingly  straightforward. 
The  programs  obtained,  though  reasonably  simple  and  efficient .  are  quite  different  from  those  that 
would  have  been  constructed  by  informal  means. 

Key  Words  program  synthesis,  theorem  proving,  binary  search,  real  square  root 


INTRODUCTION 


Some  of  the  most  ellirient  algorithm*  for  the  computation  of  numerical  functions  rely  on  the 
technique  of  hi  miry  si-urrh:  according  to  (Ins  technique,  the  interval  in  which  (he  desired  output  is 
sought  is  divided  in  lialf.il  each  iteration  until  it  is  smaller  than  a  given  tolerance. 

For  example,  let  us  consider  the  following  program  for  linding  a  real  number  approximation  to 
the  square  root  of  a  nonnegative  real  number  r.  The  program  sets  z  to  be  within  a  given  positive 
tolerance  i  less  t  hail  VT. 

;  0 

v  <■—  rna:r(r,  1 ) 

while  <  <  v  do  v  *•—  v/2 

if  \z  t-  if  <  r  thru  z  z  t-  v 

rrturn(  .;■) 

This  i-  a  dassii  .il  -qii.in--riml  program  liased  on  one  lh.it  appeared  in  Hensley  ,'59'  'Die  program 
esl  a  I  ill  -In  s  ,md  mam  I  .ini'  the  hmp  in  van  an  I  I  ha  I  .  is  within  e  less  than  v  r .  i  e. .  that  y r  belongs 
to  the  half  open  nit  erval  \  :.  r  ■  r )  At  each  il  er.it  u  m ,  I  lie  pro;;  ram  di  v  ides  this  i  nl  cr  val  in  half  and 
tests  whether  ^  r  i>  m  the  right  or  left  half,  adjusting  ;  and  e  .u  <  ordingly,  until  r  is  smaller  than 

This  researi  h  was  -upported  in  part  fry  the  National  S<  icnee  bound. it  ion  under  grants  M('S- 
A'l  I  1525  and  \1<  S- S  I  (l.iaf  ,5.  by  Dell  use  Advanied  Rr-i-.ai  <  1 1  I’r.qeits  Ageiuy  Ullder  ('outract. 
Nlini).".1 1  |  (  -D'J  |  I  by  till  I  lilted  Slates  ,\n  |.irii  (  tllice  o|  >  i  I  •  1 1 1  1 1  i  i  Re.-earill  Ullder  (  'out  laid 

A  1  (  )Sl:  S  I  tin  |  1 .  h  v  the  (  )  1 1  i  ■  ■  -  ,  .1  N  aval  R  i  si  ari  b  u  I  nit  f  <  out  rat  I  N I II  It)  I  I  -  S  I  -  (  (I7(  Hr.  and  by  a 
eoul  i  ai  1  fi  urn  tli'  hit  i  1 1 1 at  ion.  .1  1  hi  -  mess  \f  fli  It ;  m  s  <  'or pi  >ral  ion . 


2 


the  given  l(il'  iaiin' t.  The  program  is  reasonably  efficient,  it  terminal  es  after  '  l<nj-j(max(r,  l ) / 1 ) ] 
iterations. 

Analogous  programs  provide  an  efficient  means  of  computing  a  variety  of  numerical  functions. 
It  is  not  immediately  obvious  how  such  programs  can  be  developed  by  automatic  program-synthesis 
systems,  which  derive  programs  to  meet  given  speeitical  ions.  Some  researchers  (e.g.„  Dershowit z, 
and  Manna  77  Smith  8a  ’)  have  suggested  that  synthesis  systems  be  provided  wit  It  several  general 
program  schemata,  whah  could  be  specialized  as  required  to  tit  particular  applications.  Binary 
search  Would  be  one  of  these  schemata.  The  system  would  be  required  to  discover  which  schema, 
if  any.  is  apolicahle  to  a  new  problem. 

It  u. iy  i i id* ’ d  be  valuable  to  provide  a  synthesis  system  with  general  schemata,  but  this 
approach  le  ves  open  the  question  of  how  such  schemata  are  discovered  in  the  lirsf  place.  To  our 
surprise,  we  have  found  that  the  concept  of  binary  search  emerges  quite  naturally  and  easily  in 
the  derivations  .>!  >oine  numen>  al  programs  and  does  not  need  to  be  built  in.  The  programs  we 
have  obt iir  .  d  in  t his  w.iv  are  t«  a.-onably  simple  and  ellieient .  but  bizarre  in  appearance  and  quite 
ddh  n  ut  !ri  "ii  :  i i •  ■  - 1 ■  we  would,  have  const  ructe'l  by  uifonu.il  means. 

The  p  o"!  u:n-  b.'ivc  been  di  nveil  m  a  deductive  framework  (Manna  and  YValdinger  [80 j ,  (85 j ) 
in  which  tie  proie-s  ot  nm.'i  nn  ting  a  piogr.un  is  regarded  as  a  task  of  proving  a  mathematical 
theorem  ,\i  cording  to  tin-  approach,  the  program's  specification  is  phrased  as  a  theorem,  the 
theorem  is  pi  •!.  and  a  pi < ram  guaranteed  to  meet  the  specification  is  extracted  from  the 
proof  11  ’hr  -p.  '  iht'.'ii i"i;  iotli'  ts  our  intentions  correctly,  no  further  verification  or  testing  is 
required 

In  tin-  paper  ue  out  line  our  /!r<hii  I  nr  frame  work  and  show  the  derivation  of  a  numerical 
prog  ram  up  to  ’in  point  at  which  tin-  binary-search  com  ept  emerges.  We  then  show  several 
analogous  '  !!..'■>  -eal  I'll  programs  that  have  been  developed  by  this  method  Finally  we  discuss 
what  tin ■'(■  linding-  indicate  about  the  prospects  for  aulomalic  program  synthesis. 


DEDUCTIVE  PROGRAM  SYNTHESIS 

In  this  section  we  describe  our  framework  for  deductive  program  synthesis,  emphasizing  those 
aspects  that  .are  essemial  for  the  derivation  fragment  I  li.it  appears  m  ibis  paper  headers  who 
would  like  a  fuller  introduction  to  this  approach  arc  referred  to  Manna  and  Waldmgei  (;80\  [ 8 5 [ ) . 

We  begin  with  an  outline  of  the  logical  concepts  we  shall  need. 


bOUICAL  IMf  ICREQPISITES 

The  syst  cm  deals  with 

•  ferrus  composed  in  I  he  usual  way  ’of  constants  b.  r.  ...  variables  u.  l'.  w,  ..., 
function  sj  uibols,  and  !  lie  conditional  [if- the  n-rl.-r)  term  constructor. 

•  nhnn.i  i  omposed  ol  terms,  relation  (preil ii  at i  )  -vmbols.  including  I  lie  equality 
symbol  ,  and  tin  I  ruth  symbol'  Irm  and  /t/sr. 


sentences  composed  of  atoms  and  logical  connectives. 


Sentences  are  quantifier-free.  We  sometimes  use  infix  notation  for  function  and  relation  sym¬ 
bols  (for  example,  x  +  a  or  0  <  y).  An  expression  is  a  term  or  a  sentence.  An  expression  is  said 
to  be  r /round  if  it  contains  no  variables.  Certain  of  the  symbols  are  declared  to  be  primitive :  these 
are  the  computable  symbols  of  our  programming  language. 

Let  e,  s,  and  t  be  expressions,  where  ,s  and  t  are  either  both  sentences  or  both  terms.  If  we 
write  e  as  e[s|,  then  <:[f]  denotes  the  result  of  replacing  every  occurrence  of  s  in  <;[.s]  with  t. 

We  loosely  follow  the  terminology  of  Ifobinson  (70) .  We  denote  a  substitution  0  by  {jq  *— 
1 1 .  .r 2  *—  1 2.  ,  xn  «-  frl}.  For  any  expression  r.  the  expression  <  0  is  the  result  of  appli/inij  0  to  e, 

obtained  by  simultaneously  replacing  every  occurrence' of  the  variable'  x,  in  r  with  the'  eonrsponding 
term  tt.  We  shall  alse>  say  that  i.O  is  an  instance  of  e. 

Variable's  in  sentences  are'  give'll  an  implied  universal  epiant ilication;  a  se-nte'nce'  is  true'  under 
a  given  interpret  at  ion  if  and  emly  if  e-very  iustauce  of  the  sentence  is  true,  and  if  and  only  if  eve-ry 
ground  instance'  e>|‘  the'  se-nterne'e-  (i .e*. ,  an  instance'  that  contains  no  variable's)  is  true. 

Let  e,  and  t  be  e'xpre'ssions,  whe-re  s  anel  t  are'  either  both  se'nte'ne-es  or  both  terms,  anel  let 
0  he'  a  substitution.  If  we>  write'  <  as  c;(.s],  then  cd[f]  eh'imtes  the'  re-sult  of  replacing  e-ve'ry  occurrence 
of  kO  in  cO  with  t. 

We  neiw  ek'se  ribe  the-  basic  notions  of  ele'elue-tive  program  synthesis. 


SPECIFICATIONS  AND  PROGRAMS 

A  specification  is  a  statement  e>f  the-  purpose  of  the'  desired  program,  which  nee-el  give-  no 
indication  eif  the'  met  hex!  by  which  t  hat  purpose*  is  te>  he-  achieved.  In  this  paper  we  e  emsider 
emly  applicative  (or  functional)  programs,  whieh  y iedel  an  output  but  alte-r  no  elata  structure's  and 
produce  nei  either  side'  elfe-cts.  The'  specifications  for  these’  programs  have  the*  form 

f(a)  line!  z  such  that  £[«,  z ] 

where  P\a\. 

In  e >t heT  weirds,  the  program  /  we  want  to  construct  is  tei  yield,  for  a  given  input  a,  an  output  z 
satisfying  the  output  condition  £[ei.  ~],  preivieled  that  the  input  a  sat isl ie-s  the  irijiut  condition  P\a\. 
In  other  words,  z  is  tei  satisfy  the'  input-output  eeinelitiein 

•/  P\n\ 

then  P  (el,  xr|. 

For  e'xamjile.  suppose  we  want  to  specify  the  preigram  s</rt  to  yii'ld  a  real  number  z  that  is 
within  a  given  tolerance'  <  less  than  ^/r,  I  lie-  e-xae  t  sepiare  root  of  a  given  noiuu'gative  real  numbeT 
r  'I'lii'ii  we  might  write 

,ie/rt(r,  e)  <---  line!  ~  such  that 

z2  <  r  and  not  [(,:  t  i)2  <  r] 
where  0  <  r  and  0  <  < . 


li M.m.  HCL  Xm  m 


In  other  words,  wo  want  to  Had  an  output  z  satisfying  the  output  condition 
z“  <  r  and  not  [(z  +  c)2  <  r], 
provided  that  the  inputs  r  and  c  satisfy  the  input  condition 
0  <  r  and  0  <  f. 

Tin'  above  square-root  specification  is  not  a  program  and  does  not  indicate  a  particular  method 
for  computing  t  he  square  mot;  it  describes  t  he  input -out  put  behavior  of  many  programs,  employing 
different  algorithms  and  perhaps  producing  different  outputs. 

The  programs  we  consider  are  sots  of  expressions  of  the  form 

/.(")  <=  ti, 

where  tl  is  a  primitive  term,  i.c.,  one  expressed  entirely  in  the  vocabulary  of  our  programming 
language.  These  programs  can  be  mutually  recursive;  i.e.,  we  regard  the  function  symbols  /,  as 
primitive,  ltt  the  usual  way.  such  a  program  indicates  a  method  for  computing  an  output  .  For  the 
most  part .  in  this  paper  we  shall  consider  programs  consisting  of  only  a  single  expression  /( a)  t, 
which  may  be  recursive;. 

In  a  given  theory,  a  program  /  is  said  to  satisfy  a  specification  of  the  above  form  if,  for  any 
input  a  satisfying  the  input  condition  P\o\.  the  program  f(a)  terminates  and  produces  an  output 
t  satisfying  the  output  condition  £[a,  t\. 


DEDUCTIVE  TABLEAUS 


The  fundamental  structure  of  our  system,  the  deductive  tableau,  is  a  sot  of  rows ,  each  of  which 
must  contain  a  sentence,  either  an  assertion  or  a  yoni.  any  of  these  rows  may  contain  an  expression, 
the  output  entry.  An  example  of  a  tableau  follows: 


assertions 

goals 

outputs 

/(«) 

-p!«l 

£(«,  z\ 

z 

*/  </M 

lh.cn  .?[«,  I)| 

'/('*) 

0 

Here  u  and  z  are  variables  and  a  and  0  are  constants. 


Under  a  given  interpretation,  a  tableau  is  true  whenever  the  following  condition  holds: 

It  all  instances  of  each  of  the  assertions  are  true, 
then  -oiiie  instance  of  at  least  one  of  the  goals  is  true. 


Equivalently,  the  tableau  is  true  if  some  instance  of  at  least  one  of  the  assertions  is  false  or  some 
instance  of  at  least  one  of  the  goals  is  true.  Thus,  the  above  tableau  is  true  if  P (uj  is  false,  if 

»/  n(h) 

then  .£[6,  0) 

is  false,  if  ?[«.  r]  is  true,  or  if  </(u)  is  true  (among  other  possibilities). 

In  a  given  theory,  a  tableau  is  said  to  be  valid  if  it  is  true  under  any  model  for  the  theory. 
Under  a  given  interpretation  and  for  a  given  specification 

f(u)  find  c  such  that.  ?(a,2| 

where  P\<i\, 

a  goal  is  said  to  have  a  suitable,  output  entry  if,  whenever  an  instance  of  the  goal  is  true,  the 
corresponding  instance  t1  of  the  output  entry  will  satisfy  the  input-output  condition 

</  P\<>] 

then  /?[u,  t'J. 

(If  the  goal  has  no  explicit  output  entry,  then  it  is  said  to  have  a  suitable  output,  entry  if.  whenever 
an  instance  of  the  goal  is  true,  any  term  t'  satisfies  the  input-output  condition.)  An  assertion  is  said 
to  have  a  suitable  output  entry  if,  whenever  an  instance  of  the  assertion  is  false,  the  corresponding 
instance  t'  of  the  output  entry  will  satisfy  the  input-output  condition. 

Example 

In  the  theory  of  the  real  numbers,  consider  the  square-root,  specification 

n<]rt(r,  t)  <=  find  z  such  that. 

z2  <  r  and  not  [(j  +  r)2  <  r] 
where'  0  <  r  and  0  <  c 


and  the  following  tableau: 


6 


Under  any  model  for  the  theory,  the  output  entries  of  the  above  tableau  are  suitable  for  the 
square-root  specification.  In  particular,  if  some  instance  of  goal  2,  obtained  by  replacing  z  with  s, 
is  true,  then  s  will  satisfy  the  input-output  condition.  That  is, 

if  0  <  r  and  0  <  c 

then  s2  <  r  amt  not [(s  +  e  )2  <  r] 

is  true.  Also,  if  assertion  1,  which  has  no  output  entry,  is  false,  then  any  term  s  satisfies  the  above 
condition. 

Under  a  given  interpretation  I  and  for  a  given  specification,  two  tableaus  T|  and  lb  have  the 
same  mtntniny  if 

Ti  is  true  under  I 
if  and  only  if 
is  true  under  I 

and 

the  output  entries  of  Tj  are  suitable 
if  and  only  if 

the  output  entries  of  T2  are  suitable. 

In  a  given  theory  and  for  a  given  specification,  two  tableaus  are  equivalent  if,  under  any  model  I 
for  the  theory,  the  meaning  of  the  two  tableaus  is  the  same. 


PROPERTIES  OF  A  TABLEAU 

Let  us  consider  a  particular  theory  and  a  particular  specification,  which  will  both  remain  fixed 
throughout  tins  discussion.  We  shall  use  the  following  properties  of  a  tableau: 

•  Duality  Property 

Any  tableau  is  equivalent  to  the  one  obtained  by  removing  an  assertion  and  adding  its  negation 
as  a  new  goal,  with  the  same  output  entry.  Similarly,  any  tableau  is  equivalent  to  the  one  obtained 
by  removing  a  goal  and  adding  its  negation  as  a  new  assertion.  Thus,  we  could  manage  with  a 
system  I  fiat  has  no  goals  or  a  system  I  hat  has  no  assert  ions,  but  the  disl  im  I  ion  bet  ween  assertions 
and  goals  does  have  some  intuitive  significance. 

•  H.cnarninij  Property 

Any  tableau  is  equivalent  to  the'  one  obtained  by  systematically  renaming  the  variable's  of  any 
row.  More*  pre-cisely,  we’  may  replace  any  e>f  the-  variables  e>f  t be'  re>w  with  ne-w  variable's,  making 
sure-  that  all  exeurrenee's  e>f  the  same'  variable'  in  the'  row  (including  f  I  lose-  in  Die-  output  entry) 
are  replueeil  by  the  same'  variable'  and  that  distilled  variable's  in  the'  row  are  replaemel  by  elistinct 
variable's.  In  t»l  he-r  words,  the-  variable’s  eif  a  re>w  are'  dummie's  that  may  be-  renamed  five'ly. 


•  Instance  Property 


Any  tableau  is  equivalent  to  the  one  obtained  by  introducing  as  a  new  row  any  instance  of 
an  existing  row.  The  now  row  is  obtained  by  replacing  .all  occurrences  of  certain  variables  in  the 
existing  row  (including  those  in  the  output,  entry)  with  terms.  Note  that  the  existing  row  is  not 
replaced;  the  now  one  is  simply  added. 


THE  DEDUCTIVE  PROCESS 


Consider  a  particular  theory  and  the  specification 

f(a)  <■  find  z  such  that  £[<t,  z\ 
where  P  («]. 


We  form  the  initial  tableau 


assertions 

goals 

PH 

z 

We  may  also  include  in  the  initial  tableau  (as  an  assertion)  any  valid  sentence  of  the  theory. 

Note  that  the  output  entries  of  this  tableau  are  suitable:  Under  any  model  for  the  theory,  if  the 
initial  assertion  P ju]  is  false,  then  any  output  satisfies  the  input-output  condition  vacuously:  and 
if  some  instance  Z\a,  t]  of  the  initial  goal  is  true,  the  corresponding  instance  t  of  the  associated 
output  entry  satisfies  the  input -output,  condition.  Furthermore,  the  valid  sentences  included  as 
initial  assertions  cannot  be  false. 

We  attempt  to  show  that  the  above  tableau  is  valid.  We  proceed  by  applying  deduction  rules 
I  hat  add  new  rows  without  changing  the  tableau’s  meaning  in  any  model  for  the  theory.  In  other 
words,  under  a  given  model.  I  hi*  tableau  is  true  before  application  or  the  rule  if  and  only  iT  it  is  true 
afterwards,  and  the  output  entries  are  suitable  before  if  and  only  if  they  are  suitable  afterwards. 
We  describe  the  deduction  rules  in  tin*  next  section. 

The  deductive  process  continues  until  we  obtain  either  of  the  two  rows 


true  t 


or 


where  the  output  entry  t  is  primitive,  i.e..  expressed  entirely  in  the  vocabulary  of  our  programming 
language.  (We  regard  the  input,  constant  a  and  the  function  symbol  /  as  primitive'.)  At  this  point, 
we  derive  the  program 


8 


We  claim  that  t  satisfies  the  given  specification.  For,  in  applying  the  deduction  rules,  we  have 
guaranteed  that  the  new  output  entries  are  suitable  if  the  earlier  output  entries  are  suitable.  We 
have  seen  that  the  initial  output  entries  are  all  suitable;  therefore,  the  final  output  entry  t  is  also 
suitable.  This  means  that,  under  any  model,  if  the  final  goal  true  is  true  or  the  final  assertion  false 
is  false,  the  corresponding  output  entry  t  will  satisfy  the  input-output  condition 

'■I 

then  ?[«,  t\. 

[bit  under  any  model  the  truth  symbols  true  and  false  are  true  and  false,  respectively,  and  hence 
t  will  saiistv  the  input-output  condition  Therefore.  I  he  program  f(n)  <~-  t  does  satisfy  the  speci¬ 
fication. 


THE  DEDUCTION  RULES 

We  now  in’ioduee  the  deduction  rules  of  our  system,  emphasizing  those  t hat  play  a  role  in  the 
portions  ot  the  square-root  derivation  we  present  We  begin  with  the  simplest,  of  the  rules. 


THE  TRANSFORMATION  RULES 

The  t ralisfi  uniat  ion  rules  replace  subexpression.'  of  an  assertion  gunl  <  >j  output  entry  with 
equal  or  equivalent  expressions  For  instance,  with  tic  transformation  Mile 

and  true  — ►  P, 

we  eau  replace  the  subscntencc  ((/l  or  B)  and  true)  with  (A  or  It)  m  t|«  assertion 
J  ((/I  nr  B)  and  true )  or  D 
yielding 


or  B)  and  D 

Willi  the  I  ranslormat  ion  rule  (in  the  theory  of  integers  or  reals) 
u  t  u  »  2u, 

we  can  replace  a  siibtcrm  (a  l>)  f  (a  +  h)  with  the  term  2(«  »  l>). 

We  Use  an  n.nwriati  re - eninmuhiti  re  matching  algmitlini  (of  Shekel  [81  ).  so  that  the-  associa¬ 
tive1  and  ecu  ii  unit  at  i  ve  properties  of  operators  ran  be  taken  into  account  m  applying  the  transfor¬ 
mation  rules  I  hus,  we  can  Use  tile  above  rule'  to  replace  a  sub'eutrnee  [true  and  B)  With  the* 
se  ntenc  e-  II  and  the  suhteini  (cl  1  h)  ‘  h  with  the  In  ill  it  *  2h 


true  and  ([(a) 
arid 

not  [if  r[b)  then  false) 


if  p(a,  h) 

then  a 
else  b 


By  repeated  application  of  transformation  rules,  this  goal  reduces  to 


and  r[b) 

— 

if  p(a,  b) 
then  a 

1 

1 

else  b 

If  one  of  the  given  goals  has  no  output  entry,  the  derived  output  entry  is  not  a  conditional 
expression:  it  is  simply  the  output  entry  of  t  he  other  given  goal.  If  neither  given  goal  lias  an  output 
entry,  the  derived  goal  has  no  output  entry  either  We  do  not  require  that  the  two  given  goals  he 
distinct,  we  may  apply  the  rule  to  a  goal  and  itself. 

We  have  presented  the  resolution  rule  as  it  applies  to  two  goals.  According  to  the  duality 
property  ol  tableaus,  however,  we  may  transform  an  assertion  into  a  goal  simply  by  negating  it. 
Therefore,  we  can  apply  the  rule  to  an  assertion  and  a  goal,  or  to  two  assertions. 

The  resolution  rule  may  be  restricted  by  a  polarity  stratojy  (Murray  i 82 j :  see  also  Manna  and 
Waldinger  : St)  ).  according  to  which  we  need  not  apply  the  rule  unless  some  occurrence  of  P  in 
f  is  "positive"  and  some  occurrence  of  "  in  0  is  "negative".  (Here  a  subsentencc  of  a  tableau  is 
regarded  as  positive  or  negative  if  it  is  within  the  cope  of  a  respectively  even  or  odd  number  of 
negation  connectives  Hat  h  assertion  is  considered  to  be  within  the  scope  of  an  implicit  negation; 
t  bus.  while  goals  are  posit  ive.  assert  ion-  are  negat  ive  The  (/-clause  "  of  a  siibsontence  ( if  P  then  £) 
is  considered  to  be  within  the  scope  ol  an  additional  implicit  negation.)  This  strategy  allows  us  to 
disregard  many  useless  applications  of  the  rule. 

Let  us  show  that  the  resolution  rule  is  sound:  that  is.  in  a  given  model  of  the  theory  and  for  a 
given  spec  ill  cut  ion.  the  meaning  of  the  I  al  dealt  is  the  same  before  and  aft  er  a|  iplical  ion  of  the  rule. 
It  actually  sullices  to  show  that,  it  the  derived  goal  is  true,  then  al  least  one  oi  the  given  goals  is 
true,  am!  it  the  given  output  entiles  are  suitable,  so  is  the  derived  output  entry. 

Suppose  the  derived  goal  [7  trui  anti  fp  false])  is  true.  Then  both  its  conjunct  s  f\true\  and 
u  fills r  are  true  We  distinguish  between  two  cases,  depending  on  whether  or  not  the  common 
subsentencc  -  is  I  rue  or  lube.  In  I  he  <  use  in  whit  h  "  is  I  rue,  I  lie  [ground)  goal  *\P\  has  the  same 
truth-value  a->  the  conjunct  firm.  that  is.  f\P\  is  true  In  I  lie  case  in  which  P  is  false,  the  goal 
s-  "  has  the  same  I  nil  h- value  as  tin  <  on  j  line  I  Z  j/u/.-i  ! ;  I  hat  is.  w  j  is  true.  Ill  el  I  her  case,  one 
ol  t  hr  two  given  goals,  f  \  " !  and  Z  j  "  is  true. 


Now  assume  that  the  given  output  entries  arc  suitable  To  show  that  the  derived  output  entry 
is  suitable,  we  suppose  that  i  he  derived  goal  is  true  and  establish  that  the  derived  output,  entry 
satisfies  the  input-output  condition  W’r  have  seen  that,  in  (he  rase  in  winch  P  is  true,  the  given 
goal  J  '■  is  true,  bei  ause  its  output  entry  s  is  suitable,  it  satisfies  the  input -out  put  condition. 
Similarly,  in  the  case  m  which  p  is  false,  the  term  t  satisfies  the  input -out  put  condition.  In  either 
rase,  then  fore,  the  conditional  expir.-mn  [if  "  then  s  rise,  t)  satisfies  (he  input -dll  pnl  condition, 
hilt  tills  Is  the  derived  output  entry. 


THE  RESOLUTION  RULE:  GENERAL  VERSION 


We  have  described  the  ground  version  of  the  resolution  rule,  which  applies  to  goals  with  no 
variables.  We  now  present  the  general  version,  which  applies  to  goals  with  variables.  In  this  case, 
we  can  apply  a  substitution  to  the  goals,  as  necessary,  to  create  a  common  Mibsentence. 


More  precisely,  suppose  our  tableau  contains  goals  7  and  Q.  which  have  no  variables  in  munuoti. 
(This  can  be  ensured  by  renaming  the  variables  of  the  rows  as  necessary,  according  to  the  renaming 
property.)  Suppose  further  that  some  of  the  subsentences  of  7  and  some  of  the  subsentenres  of  § 
are  unitiable.  with  a  most -general  unifier  0\  let  P 0  be  tin*  unified  subsentence.  Then  we  may  derive 
and  add  to  our  tableau  the  new  goal  obtained  by  replacing  all  occurrences  of  PO  in  7 II  with  true , 
replacing  all  occ  urrences  of  PO  in  00  with  false,  and  forming  the  conjunction  of  the'  results.  The 
associated  output  entry  is  a  conditional  expression  whose  test  is  the  unified  subsentence  PO  and 
whose  Mca-clause  and  e/.ve-clause  are  the  corresponding  instance's  sO  and  10.  respectively,  of  the 
given  out  put  entries. 

In  ntle  r  words,  to  apply  the  general  version  of  the  rule  to  7  and  C,  we  apply  the  ground 
version  of  I  he  rule  to  70  and  Ct).  The  soundness  of  the  general  version  follows  from  the  soundness 
of  the  ground  version.  The  polarity  strategy  applies  as  before.  If  we  wish  to  apply  the  rule  to  an 
assertion  and  a  goal  or  to  two  assertions,  we  can  regard  the  assertions  as  goals  by  negating  them, 
as  in  t  he  ground  case. 


For  example,  suppose  our  tableau  contains  the  rows 


The  boxed  subscnlences  are  umfiable;  a  most-general  unifier  is 


12 


The  subsentences  arc  respectively  positive  and  negative,  as  indicated  by  the  annotation.  We  may 
regard  the  assertion  as  a  goal  by  negating  it.  By  application  of  tin  general  version  of  the  resolution 
mle,  we  may  derive  the  new  row 


true  and 

/'(/(« -  b)) 

and 

!/(/('«■  b)) 

nut  •' 

1 

then  false\ 

By  the  application  of  true-false  transformation  rules,  this  goal  reduces  to 


Note  that  the  unifier  0  has  been  applied  to  all  variables  in  the  given  rows,  including  those  in  the 
output  entry.  Because  Ihe  given  assertion  has  no  output  entry,  the  derived  output  entry  is  not.  a 
conditional  expression.  This  application  of  the  rule  is  in  accordance  with  the  polarity  strategy. 


Till'  resolution  rule  and  the  true-false  transformation  rules  have  been  shown  hy  Murray  [82]  to 
constitute  a  complete  system  for  first-order  logic.  The  polarity  strategy  maintains  this  complete¬ 
ness. 

We  use  an  associat ive-commutative  unification  algorithm  (as  m  Slicked  [Si))  so  that  the  as¬ 
sociative  and  comnmtat  ive  properties  of  such  operators  as  addition  and  conjunction  can  bo  taken 
into  account  in  finding  a  unifier;  thus,  7 >(f(x)  +  (b  + ;/(«)))  can  be  unified  with  /'(('/(;/)  f  f(b))  t  i). 

We  have  introduced  two  additional  rules  to  give  special  treatment  to  equality  and  other  im¬ 
portant  relations  (Manna  and  Waldiuger  [85]),  but  these  rub's  play  no  part  in  (be  portion  of  the 
derivation  to  be  discussed. 

We  shall  need  the  induction  rule;  this  we  describe  next. 

THE  MATHEMATICAL  INDUCTION  RULE 

The  rules  presented  so  far  do  not  allow  us  to  introduce  any  repetitive  construct  into  the 
pro; 'ram  1  icing  derived  The  induel  ion  rule  account  s  lor  Ihe  ini  rod  net  ion  o|  recursion  in  I  lie  derived 
program.  We  employ  a  single  wcll-louudcd  induction  rule,  which  applies  to  a  variety  ol  theories. 

A  well-founded  relation  is  one  that  admits  no  infinite  decreasing  sequences,  i.e.,  sequences 
i[,r 2,^3 . such  that 

f-7  find  x2  >w  -t-3  nnd.  .  . 

For  in-tame,  the  less-lhan  relation  <  is  well-founded  in  the  I  Ivory  of  uonnegat  ive  integers,  but 
not  111  lie  ihiory  of  real  numbers. 


Thi'  viTsiun  of  the'  wrll-foundid  induction  ruh*  w<*  nerd  for  the  derivation  is  expressed  as  follows 
(the1  general  version  is  more  complex): 

Suppose  our  initial  tableau  is 


assert  ions 


outputs 

r(,.\ 


In  olln'i*  words,  w<‘  are*  attempting  to  ccm.slrucl  a  program  /  that,  for  an  arbitrary  input  a,  yields 
an  output  z  satisfying  the  input -output  condition 

if  P[n | 

then  JZ  [a.  z\. 

A<  •cording  to  tin'  well-founded  induction  nil*',  we  limy  prove  this  assuming  as  our  induction  hy¬ 
pothesis  that  the  program  /  will  yield  an  output  f[.c)  satisfying  the  same  input-output  condition 

if  F[r\ 

then  k  [x,  /(x)] , 

provided  that  x  is  less  than  a  with  respect  to  some  well-founded  relation  that  is,  x  <w  a.  In 
other  words,  we  may  add  to  our  tableau  the'  new  assertion 


then  ,5  x,  f(x) ] 


The  well-founded  relation  <x„  used  in  the  induction  rule  is  arbitrary  .and  must  be  selected  later  in 
the  proof. 

For  example,  consider  the  initial  tableau  obtained  from  the  square-root  specification: 


assertions 


ouTpuTs 

_ ,1 


1 1 y  application  of  I  he  well-founded  induction  rule,  we  may  ini  induce  as  a  new  assertion  the  indue 
t  ion  liypot  hesis 


;  if 

(x. 

«■’)  ■<», 

(r,  f) 

tin 

r  n 

1 if  0  < 

x  and  0  <  v 

I 

i 

[ 

f  i 2 

| wirt[x,  u) j  < 

x  and 

thru  \ 

nut  ( fs</rt  ( X .  v) 

t  o] 2  <  :r) 

In  other  wools,  we  may  assume  inductively  that  the  output  of  tin-  square-root  program  we  const  met 
will  satisfy  the  input-output  condition  for  inputs  i  and  >>  that  are  less  than  the  yivcn  inputs  r  and 
<  with  respect  to  some  well-founded  relation 

1'se  of  tin  induction  hypothesis  in  the  proof  may  account  for  the  introduction  of  a  ret  ursive 
call  into  the  derived  program.  For  example,  suppose  that  in  the  square-root  derivation  we  manage 
to  develop  a  j'nal  of  form 

*  untl 

mi *  (  .V  iV 

The  boxed  siihsi  iitem  <  '  of  tins  '.pial  am!  the  induction  hypothesis  nr.  uniiiahle:  a  most -General 
unifier  is 

II  ( x  •  s.  r  .  r\  i  .  sr/rf (s,  d)  \ 

Tl.elrt'.i ,  A  r.u,  apply  the  resohlt  ion  rule  to  oh  I  ail  I  the  new  goal 

d '  true] 
and 

-f  w  {r.  ') 

nut  tin  n  ij  (t  s  and  0  •"  t> 
thru  f it l.i i: 

This  ;;oul  r-  dm  es  under  transformation  to 

Ci  tr ut: j 

|  ami 

j  (-■*.  <'>)  <w  (f. «) 

j  0  <  s  and  0  < 

Note  that  a  recursive  call  si/rt(, s.  />)  has  heen  introduced  mto  the  output  ('lit  ry  as  a  result  of 
this  step.  The  com  lit  loii  (I)  •-  s  a  ml  0  <  )  in  the  ;;<>al  ensures  the  legality  of  the  argument  s  .s  and 
Is.  i  t'.,  that  they  satisfy  the  input  condition  of  the  desired  proj'ram.  The  condition  (.s,  /i)  (r,  r) 

ensui  rs  t  l.at  the  evaluat  um  ol  the  recursive  call  cannot  lead  to  a  non  I  <  iiuinat  in;'  coin  put  at  ion .  (If 
there  were  an  infinite  computation,  we  could  roustrm  I  a  i  orrespondiin'  infinite  sequence  of  pairs 
of  aiipum  nl  s  ifei  reasiii;;  with  nspni  to  thus  coni  radiel  in;;  the  delimtion  of  a  well-founded 

relal  ion  ) 

rite  particular  Wei!  loimdcd  relation  --  relelTed  to  m  the  induction  hypothesis  is  not.  yet 
spec  died .  it  is  s<  lei  1 1  <1  at  a  [at  •  i  -I  aye  n|  I  lie  prool  II  we  allow  well -I  on  u  ded  re  I  at  ions  to  he  objects 
in  our  domain  we  m.iv  i  •••/., rd  the  sentence  j  -.  „.  i/  as  an  abbreviation  for  <(ws  s,  >/);  thus,  w 
is  a  variable  ili.it  may  h  iii't  anMated  to  a  particular  relation  We  assume  that  the  properties  of 
many  know  n  vn  il  ■!  out  ■■  !•  I  :  <  hit  i<  m-1  l-udi  as  ,  r, ,  .  the  proper- su  1  it  ree  relation  over  t  rees)  and  of 
I  unc  I  ions  |  or  comlm  i  ny  t  h  ■  m  arc  anion  y  the  assert  mu s  of  our  initial  I  ahleati. 

We  have  an  n  *  1 1  <  - 1 1 1 ,  p  I .  -I  V(  r-  ioi  i  ■  >1  lie  md  m  I  mu  rule,  which  is  applied  only  to  the  initial 

rows  o|  tin  I  a  I  ih  an;  m  its  ...  n>  i ,  t|  v<  i  su  m .  w  c  may  appl  v  I  lie  rule  to  any  of  the  rows,  and  we  may 


strength™  or  generalize  the  rows  to  which  the  rule  is  applied.  In  this  more'  general  version,  the 
rule  accounts  for  the  introduction  of  auxiliary  subprograms  into  the  program  being  constructed. 
We  shall  avoid  discussion  of  auxiliary  subprograms  here. 

We  are  now  ready  to  present  the  most  interesting  segment,  of  the  derivation  of  the  square-root 
program. 


THE  DERIVATION 


Recall  that ,  in  the  I  hcory  of  real  numbers,  t  lie  specification  for  the  real- number  square- r< ml  program 
is 


si/r/(r,  <)  find  z  such  that 

z1  <  r  and  not  [(z  t  <)2  <  r] , 
where  0  <  r  and  0  <  t . 

In  other  words,  we  want  to  find  an  estimate  z  that  is  within  a  tolerance  <  loss  than  sjr,  the  exact, 
square  root  of  r,  whore  we  may  assume  that  r  is  nonnegative  and  e  is  positive. 


W'e  begin  accordingly  with  the  tableau 


assertions 

geials 

out  puts 
sr/rt(r.  e) 

1.  0  <  r  and  0  <  e 

2.  He2  <  r  j  and  not  [(;•  f  e)2  <  r] 

2 

The  assertion  and  goal  of  Ibis  tableau  are  the  input  and  output  conditions,  respectively,  of  the 
given  specification:  the  output  entry  of  the  goal  is  the  output  variable  ol  the  program. 


THE  DISCOVERY  OF  DENARY  SEARCH 

We  are  about  to  apply  the  resolution  rule  to  goal  2  and  itself.  To  make  this  step  easier  t.o 
understand,  let  us  write  another  copy  of  goal  2. 


2'.  i2  r  mid  tin I  ( i  I  «  )2  <  r 


We  have  renamed  the  variable  of  the  second  copy  of  the  goal,  so  that  the  two  copies  have  no 
variable's  in  common. 

The  boxed  subsentences  of  the  two  copies  of  the  goal  are  umliable,  a  most -general  unifier  is 

0  :  {a --*  +  <}. 


Therefore',  we-  can  apply  the'  resolution  rule'  be-tweem  the-  two  eopii's  of  geial  2  to  obtain 


if  ( z  +  ( ) 2  <  r 
then  z  +  f 
else  z 


!  2  ^ 
true  and  not  [ (( i'  +  t)  +  r)  <  r] 

and 

z~<r  and  not  false 

By  application  of  transformation  rules,  including  the  rule 

u  -f  u  ->  2u, 

this  goal  can  he  reduced  to 


< 


(We  1,  ave  reordered  the  coujuncts  for  pedagogical  reasons  only;  because  we  use  associative-com¬ 
mutative  unitication.  their  actual  order  is  irrelevant.) 

According  to  goal  3,  it  suffices  to  find  a  rougher  estimate  z.  which  is  within  a  tolerance  2r  less 
than  v  r,  the  exact  square  root  of  r.  For  then  either  z  I-  c  or  i  itself  will  be  within  '  less  than  y/r, 
depending  on  whel  her  or  not  i  <  is  less  t hail  or  equal  to  y/r.  The  two  possibilit  ies  are  illust  rated 
below: 

sfr 

[ - j j 

z  z  4  c  z  T  2c 

Case:  i  t  r  <  y/'r 

Coal  3  contains  the  essential  idea  of  binary  search  as  applied  to  the  square- "ciot  proldem. 
Although  the  idea  seems  subtle  to  us.  it  appears  almost  immediately  in  the  derivation.  The  step 
is  nearly  inevitable:  any  brute-force  search  procedure  would  discover  it. 

The  derivation  of  goal  3  is  logically  straightforward,  but  the  intuition  behind  it  may  be  a  bit 
mysterious,  bet  us  paraphrase  t ho  reasoning  in  a  more  geometric  way  Our  initial  goal  2  expresses 
that  it  sullices  to  find  a  real  number  c  such  that  yjr  belongs  to  the  half-open  interval  tr,  c  f-  i). 
Our  rewritten  goal  2'  expresses  that  it  is  equally  acceptable  to  liml  a  real  number  such  that  y/r 
belongs  to  the  hall-open  inte  rval  [’.  z  t  c  )  We  shall  be  content  to  achieve  either  nl  these  goals; 
l  i‘  .  we  shall  be  happy  il  ^  r  belongs  to  either  ol  the  two  hall-open  intervals.  In  taking  .:  to  be 
c  t  c  .  we  are  colic  at  en.il  mg  I  lie  two  ml  n  vals.  obi  am  mg  a  new  ha  1 1  open  ini  er  val  \z,  z  \  2  c  )  I  wice 
the  length  ol  the  original  It  sullices  to  Imd  a  real  number  Z  such  that  /r  belongs  to  this  new, 
longer  interval,  because  I  lull  v  r  must  belong  to  one  or  the  other  ol  the  two  smaller  ones. 


Z  Z  <  Z  i  2c 

Case:  not  [i  f  c  <  y/r  ] 


INTRODUCTION  OF  THE  RECURSIVE  CALLS 

Let  iis  continue  the  derivation  one  more  step  By  the-  well-founded  induction  rule',  we  may 
introduce  the  induction  hypothesis 


j  if  (x,  v)  <w  ( r ,  i) 

|  then  if  0  <  x  and  0  <  v 

v|l!  5 " 

not  ( )s qrt(x,  u)  t  u]  <  x) 


III  other  words,  we  ;issuini'  inductively  that  the  output  s qrt\x,  v)  of  the  program  will  satisfy  the 
input-output  condition  for  any  inputs  x  and  v  suc  h  that  (x,  v)  <w  ( r .  c).  The  boxed  subsentences 
of  goal  3  and  the  induction  hypothesis  are  unitiable;  a  most-general  unifier  is 

0  :  {x  <—  r,  u  <—  2c,  i  <—  .sv//7(r,  2c)}. 


\V»>  obtain  (after  true-false  transformation) 


c  (r.  2<)  <w  (r,  c) 

if  [s qrt(r,  2c)  +  c]2  <  r 

and 

then  s<]rt(r ,  2c)  hr 

0  <  r  and  0  <  2c 

else.  sqrt{r,  2c) 

Note  that  at  this  point  three  recursive  calls  sc/r<(r.  2c)  have  been  introduced  into  the  output 
entry.  The  condition  (0  <  r  and  0  <  2c)  ensures  that  the'  arguments  r  and  2<  of  these  recursive 
calls  will  satisfy  the  input  condition  for  the  program,  that  r  is  nonnegative  and  2c  is  positive. 
The  condition  ( r .  2c)  -<„,  (r,  c)  ensures  that  the  newly  introduced  recursive  calls  cannot  lead  to 
a  nonterminal  ing  computation.  The  well-founded  relation  <w  that  serves  as  the  basis  for  the 
induction  is  as  yet  unspecified. 

We  omit  those  portions  of  the  derivation  that  account  for  the  introduction  of  the  base'  case 
and  the  choice  of  the  well-founded  relation.  The  final  program  we  obtain  is 

sc/r/(r,  c)  if  <  <  rnax(r ,  1) 

then  if  [sc/rt(r,  2<)  -P  <j2  <  r 
then  sc/rt(r,  2c )  -t-  c 
else  scyrf(r,  2c) 
else  0. 

A  few  words  on  this  program  are  in  order. 


DISCUSSION  OF  THE  PROGRAM 


The  program  first  checks  whether  the  error  tolerance  <  is  reasonably  small.  If  c  is  very  big, 
that  is.  il  mci/fr.  I)  •"  c.  then  the  output  can  -afely  be  taken  to  be  ().  For,  because  0  <  r,  we  have 

O2  <  r. 

And  because  inax[r.  1)  <  c.  we  have'  r  <"  c  and  I  <  c,  and  hence  r  <  c2  - 
nut  |  (I)  ;  <  )2  <  r  i . 


that,  is, 


18 


Tl .  .  ~  i’  i‘<  >i:< lit  :< >n  in  this  case. 

-r  m  tin.!'  a  rougher  estimate  si/rf ( r,  2<),  wliieh  is 
•vi’:..  '■  --  -k-  a  "I;.!  .ncreasiug  this  estimate  1  >v  >  will  leave  it  less 

•;.a:.  !'  '  .  •  !  .  ,  .  it  not .  the  rough  estimate  is  already  .'lose 

T:..  . .  ..  '  t  •.  .tie  !.e.  .him  t  he  argument  <  N  doubled  with 

e.i.' r  •  1 1  d  ! i  '  1 .  . :  ■  .  i . '  ■  :  •  i:.  !.  .vmd  ami  ret  m  ovc  i  all'  are  evaluated  only  in 

the  •  a  .  ■  '  r  '  i  -  • ...  .  .  -  . i  i!  , : .  i :  i ■  m  q<  :  borne  :■  >u  t  In  nu  n ■. i-mg  argument  s. 

More  ;>r>  >  . .  ’ ;  .•  w  •  .  :  ■  .  i  :  . .  u  r  m  -  ,  ■  t .  ■  1  u.  the  prool  i-  one  -.in  1:  t  hat 


provided  that  0  *.  ;/  ntu.rlr.  L) 

If  the  multip'r  occurrences  of  tl.r  leenrsive  ,  ,i|i  -tfrt  j  r.  2.)  an  (oinluii'i!  ’  >  ■■  elm.  mat  up/  com¬ 
mon  subexpressions,  the  program  we  ol.lain  is  r«  u.'".uubly  >  tin  ten:  it  r.  op  nr.  m./j  ;  r  ■!  rl  r.  t  !  1 .  ) 
recursive  calls. 

Our  final  program  is  somewhat  different  from  the  iterative  pr< ram  w  « on  n  ■!  in  the 
beginning.  The  iterative  program  divides  an  interval  m  half  it  ca<  h  U.  rut  mu  tl,.  ;.<ui  r><  program 
doubles  an  interval  with  each  recursive  call  Division  of  the  int  erv.il  in  half  oecur-  in. pa-  it  ly  as  the 
recursive  program  unwinds,  i.e..  when  the  recursive  calls  yield  output  values. 

It  is  possible  to  obtain  a  version  of  the  iterative  program  by  formal  derivation  within  the 
deduct  ive-tableau  system.  Although  the  derivation  and  the  risuiimg  program  are  more  complex 
(it  requires  two  additional  inputs),  it  was  tins  derivation  we  discovered  lirst.  because  we  were 
already  familiar  with  the  iterative  program. 

We  first  found  the  recursive  program  in  examining  I  he  consequences  of  purely  formal  derival  ion 
steps,  not:  because  we  expected  them  to  lead  to  a  program  hut  because  we  were  looking  for  strategic 
considerations  that  would  rule  them  out.  When  we  examined  the  program  initially,  we  suspected 
an  error  in  the  derivation.  We  had  not  seen  programs  of  this  form  before,  and  we  certainly  would 
not  have  constructed  this  one  by  informal  means. 


ANALOGOUS  ALGORITHMS 

Many  binary-search  algorithms  have  been  derived  in  an  analogous  way.  Let  us  first  consider  some 
other  real-miiuerical  problems. 


REAL-NUMBER  ALGORITHMS 

Suppose  a  program  to  perform  real-number  division  is  specified  as  follows: 

c/in(r,  s,  ()  find  r  such  that 

c  ■  s  <  r  and  not  [(c  t-  < )  ■  s  <  r] 
where  I)  <  r  and  0  <  s  and  0  <  r. 


Iii  other  words,  the  program  is  required  to  yield  a  real  number  z  that  is  within  a  tolerance  f  less 
than  r/.s,  the  exact  quotient  of  dividing  r  by  s.  We  obtain  the  program 

div(r ,  3,  e)  <=  if  c  ■  3  <  r 

then  if  [citw(r,  .s,  2c)  +  c]  •  s  <  r 
then  div(r,  3,  2c)  +  e 
else  div(r,  .s,  2c) 
else  0 

The  rationale  for  this  program,  like'  its  derivation,  is  analogous  to  that  for  the  real-number 
square  root.  The  program  first  checks  whether  the  error  tolerance  is  reasonably  small,  that  is,  if 
c  •  s  <  r.  If  c  is  very  big,  that  is,  if  r  <  <  •  s,  then  the  output  can  be  taken  safely  to  be  0.  For 
because  0  <  r,  we  have 

0  ■  a  <  r. 

And  because  r  <  c  ■  ,s,  we  have  r  <  (0  +  c)  ■  3,  that  is, 
not.  [(()  +  c)  •  s  <  r] . 

Thus,  0  satisfies  both  conjunets  of  the  output  condition  in  this  case. 

On  the  other  hand,  if  <  is  small,  that  is,  if  c  •  s  <  r,  the  program  finds  a  rougher  estimate 
<liv(r,  ,s,  2<).  which  is  within  2c  less  than  r/s.  The  program  considers  whether  ii  creasing  this 
estimate  by  <  will  leave  it  less  than  r/s.  If  so,  the  rough  estimate'  may  bo  increased  by  c;  if  not, 
t.h<'  rough  estimate  is  already  close  enough. 

The  termination  proof  for  this  program  is  also  analogous  to  that  for  the  square  root.  Although 
the  argument  <  is  doubled  with  each  recursive  call,  the  other  arguments  are  unchanged  and  the 
calls  are  evaluated  only  in  the  case  in  which  <  ■  n  <  r,  that  is,  <  <  r/s.  Thus,  there  is  a  uniform 
upper  bound  on  the  doubled  argument. 

It  may  be  clear  from  the  above  discussion  that  there  is  little  in  the  derivations  for  the  square- 
root  and  division  programs  I  hat  depends  on  the  proper  t  ies  of  these  fund  ions.  More  or  less  t  ho  same 
derivation  sulliees  to  find  an  approximate  solution  to  an  arbitrary  real-number  equation  f(z)  —  r. 

For  a  given  computable  him  lion  /.  we  consider  the  specification 

so /nc(r,  ()  find  r  such  that 

f(z)  <  r  and  not  [f{z  4  <)  <  r] 

where  f(a)  <  r  and  (/(tl)  <  r) 

Here  a  and  h  are  primitive  constants  and  u  is  a  variable.  In  other  words,  we  assume  that  there 
exist  real  numbers  a  and  It  such  that  /(a)  <  r  and  /(«)  >  r  for  every  real  it  greater  than  h.  The 


specification  is  illustrated  as  follows: 


Note  that  we  do  not  need  to  assume  /  is  increasing  or  even  continuous;  if  /  is  not  continuous, 
an  exact  solution  to  the  equation  /(a)  =  r  need  not.  exist,  but  only  an  approximate  solution  is 
required  by  the  specification. 


The  program  wo  obtain  is 

sulve(r,  c)  <£=  if  a  +  c  <  b 

then  if  f(solve(r,  2c)  +  t)  <  r 
then  solve(r,  2c)  +  e 
else  solve(r ,  2c) 
else  a. 

In  the  recursive  case,  in  which  a  +  c  <  6,  the  program  is  so  closely  analogous  t.o  the  previous 
binary-scan  h  programs  as  to  require  no  further  explanation.  In  the  base  case,  in  which  b  <  a  +  c, 
the  output  can  safely  be  taken  to  be  a.  For,  by  our  input  condition,  we  have 

/(«)  <  r 

and  (again  by  our  input  condition,  because  b  <  a  +  c) 
not  [/(«  +  i)  <  r]. 

Thus,  a  satisfies  both  conjuncts  of  the  output  condition  in  this  case. 


Tin'  above  program  may  be  regarded  as  a  schema,  because  we  may  lake'  the  symbol  /  to 
be  any  primitive  function  symbol.  An  even  more  general  binary-search  program  schema  can  bo 
derived  from  the  specification 


search (r,  <)  find  z  such  that 

7 >(r,  z)  and  not.  7 »(r, 


where  ji(a)  and 


if  b  <  u 
then  notp(r,u) 


M) 


where  p  is  a  primitive  relation  symbol  and  a  and  b  are  primitive  constants.  We  obtain  the  schema 

search (r,  r)  <=  if  a  +  c  <  b 

then  if  ;;(r,  ncarch(r,  2c) -ft) 
then  sr.are.h{r ,  2<)  +  c 
else  scar  eh  (r,  2<) 
else  a, 


21 


INTEGER  ALGORITHMS 

The  programs  we  have  discussed  apply  to  the  nonuegative  real  numbers;  using  the  same 
approach,  we  have  derived  analogous  programs  that  apply  to  the  nonnegative  integers.  These 
derivations  require  a  generalization  step  in  applying  the  induction  rule.  We  have  avoided  presenting 
generalization  and  tin'  concomitant  introduction  of  auxiliary  programs  in  this  paper,  but  we  give 
some  results  of  these  derivations  here. 

Integer  square  root 

The  integer  square-root  program  is  intended  to  find  the  integer  part  of  yjn,  the  real  square 
root  of  a  nonnegative  integer  n.  It  can  be  specified  in  the  theory  of  nonnegativc  integers  as  follows: 

.sqrt{n)  <=  find  z  such  that 

z2  <  n  and  nut[(z  +  l)2  <  n] . 

In  other  words,  the  program  must  yield  a  uonnegative  integer  z  that  is  within  1  less  than  >/n. 

In  the  course  of  the  derivation,  we  are  led  to  introduce  an  auxiliary  program  to  meet  the  more 
general  specification 

*qrt2(n,  i)  <=  find  z  such  that 

z2  <  n  and  not  [(2  t- t)2  <  n] 

when'  0  <  i. 

In  other  words,  we  wish  to  find  a  nonnegative  integer  2  that  is  within  1  less  than  y/n.  This  auxiliary 
specification  is  precisely  analogous  to  the  real-number  square-root  specification,  with  i  playing  the 
role  of  the  error  tolerance  f. 

The  programs  we  obtain  to  meet  these  specifications  are 
sv/7<(ri)  <=  sr/r/2(n,  l), 

where 

»qrt2(n,  i)  <=  if  i  <  n 

then  if  [,s<yr/2(u,  2t)  +  i]2  <  n 
then  sf/r/2(n,  2 1 )  Pi 
el.se.  si/r/.2(u,  2i) 
et.se.  I) 


Integer  quotient 

The  integer  quotient  program  can  lx*  specified  similarly: 

f/iio/(m,  ri)  <-  find  2  such  that 

2  ■  n  <  in  and  not  [(2  I  I )  •  u  <  m] 


where  0  <  n. 


22 

In  other  words,  wo  wish  to  had  a  nonnegativc  integer  z  that  is  within  1  loss  than  rn/n,  tho  real- 
number  quotient  of  rn  and  n. 

In  tho  course  of  the  derivation,  we  are  led  to  introduce  an  auxiliary  program  to  meet  the  more 
general  specification 

quot 3(m,  n,  i)  <=  find  r  such  that 

z  ■  n  <  rn  and  not^z  4-  t)  •  n  <  m] 
where  I)  <  n  and  0  <  i. 

hi  other  words,  wo  wish  to  find  a  nonnegative  integer  z  that  is  within  i  less  than  rn/n. 

Tho  programs  obtained  to  meet  these  specifications  arc 

q unt(rn,  n)  qut)(3(m,  n,  1) 

where 

qunto(rn,  n,  i)  ■<=  xf  i  ■  n  <  m 

then  if  [ quot.3(m ,  n,  2 i)  +  i]  •  n  <  m 
then  quot'Z(rn.  n,  2 1)  +  t 
else  qunl3{rn ,  n,  2 i) 
else.  0. 

Tin-  derivation  is  again  analogous. 


DISCUSSION 


Tin1  derivations  were  first  discovered  manually  the  real-number  square- root  derivation  was 
subsequent  ly  reproduced  by  Yell  in  in  an  iut  erne  I  i  ve  program-sy  nl  hesis  system.  The  '.inly  automatic 
implement  at  ion  o|  the  system  (.11  usseli  18. ‘i[ )  is  uuabh'  to  const  nut  I  he  derival  ion  for  a  simple  reason: 
it  never  attempts  to  apply  the  resolution  rule  to  a  goal  and  itself. 

The  results  of  t  his  invest  igalion  rm  counter  to  our  usual  experience.  It  is  common  for  a  bit  of 
reasoning  that  seems  simple  and  intuitively  straightforward  to  turn  out  to  be  difficult  to  formalize 
and  more  difficult  still  to  duplicate  automatically.  Here  the  opposite  is  true:  an  idea  that  requires 
a  substantial  leap  of  human  ingenuity  to  discover  is  captured  mechanically  in  a  few  easy  formal 
st  eps. 


ACKNOWLEDGMENTS 

We  would  like  to  thank  Me.rlin  Abadi,  Yoni  Malachi.  Erie  Muller,  Mark  Stiekel,  Jonathan 
Traugott,  and  Frank  Yefim  for  discussions  and  helpful  suggestions  on  the  subject  of  this  paper. 


23 


REFERENCES' 

Dershowitz  and  Manna  [77] 

N.  Dershowitz  and  Z.  Manna,  The  ('volution  of  programs:  Automatic  program  modifica¬ 
tion,  IEEE  Transactions  on  Software  Engineering ,  Vol.  SE-3,  No  G,  November  1977,  pp. 
377  385. 

Manna  and  Waldinger  [80] 

Z.  Manna  and  R  Waldinger,  A  deductive  approach  to  program  synthesis,  ACM  Transac¬ 
tions  on  Programming  Languages  and  Systems ,  Vol.  2,  No.  1,  January  1980,  pp.  90  121. 

Manna  and  Waldinger  [85] 

Z.  Manna  and  R  Waldinger,  Special  relations  in  automated  deduction,  Journal  of  the 
ACM ,  1985,  to  appear. 

Murray  [82] 

N  V.  Murray,  Completely  nonclausal  theorem  proving,  Artificial  Intelligence,  Vol.  18, 
No.  1,  1982,  pp.  G7-85. 

Robinson  [79] 

J.  A.  Robinson,  Logic:  Form  and  Function,  North-Holland,  New  York,  N.  Y.,  1979. 
Russell  [83] 

S.  Russell,  PSEUDS:  A  programming  system  using  deductive  synthesis,  Technical  Report, 
Computer  Science  Department,  Stanford  University,  Stanford,  Calif.,  September  1983. 

Smith  [85] 

D.  R.  Smith,  Top-down  synthesis  of  simple  divide-and-conquer  algorithms,  Artificial  In¬ 
telligence,  1985,  to  appear. 

Stickel  [81] 

M.  E.  Stickel.  A  unification  algorithm  for  associative-commutative  functions,  Journal  of 
the  ACM,  Vol.  28.  No.  3,  July  1981,  pp.  423  434. 

Wensley  [59] 

J.  11.  Wensley,  A  class  of  nonanalytical  iterative  processes,  Computer  Journal,  Vol.  1, 
January  1959,  pp.  1G3-1G7. 


May  1985 


Report  No.  STAN-CS-85-1051 


AFOSR.TR.  &6-2i§4 

Special  Relations  in  Automated  Deduction 


by 


Zohar  Manna 
Richard  Waldingcr 


Department  of  Computer  Science 

Stanford  University 
Stanford,  CA  94305 


SPECIAL  RELATIONS  IN  AUTOMATED  DEDUCTION 


Zohar  Manna  Richard  Waldinger 

Computer  Science  Department  Artificial  Intelligence  Center 

Stanford  University  SRI  International 


ABSTRACT 

Two  deduction  rules  are  introduced  to  give  streamlined  treatment  to  relations  of  special  importance  in  an 
automated  theorem-proving  system.  These  rules,  the  relation  replacement  and  relation  matching  rules,  gen¬ 
eralize  to  an  arbitrary  binary  relation  the  paramodulation  and  El-resolution  rules,  respectively,  for  equality, 
and  may  operate  within  a  nonclausal  or  clausal  system.  The  new  rules  depend  on  an  extension  of  the  notion 
of  polarity  to  apply  to  subterms  as  well  as  to  subsentences,  with  respect  to  a  given  binary  relation.  The  rules 
allow  us  to  eliminate  troublesome  axioms,  such  as  transitivity  and  monotonicity,  from  the  system;  proofs  are 
shorter  and  more  comprehensible,  and  the  search  space  is  correspondingly  deflated. 


1.  INTRODUCTION 

In  any  theorem-proving  system,  the  task  of  representing  properties  of  objects  is  shared  between  axioms 
and  rules  of  inference.  The  axioms  of  the  system  are  easier  to  introduce  and  modify,  because  they  are 
expressed  in  a  logical  language.  However,  because  axioms  are  declarative  rather  than  imperative,  they  are 
given  no  individual  heuristic  controls.  The  rules  of  inference,  on  the  other  hand,  cannot  be  altered  without 
reprogramming  the  system,  and  they  are  usually  expressed  in  the  system’s  programming  language.  However, 
the  rules  can  be  given  individual  heuristic  controls  and  strategies. 

It  is  customary  to  use  rules  of  inference  to  express  properties  of  the  logical  connectives,  which  are  the 
same  from  one  theory  to  the  next,  and  to  use  axioms  to  express  properties  of  constants,  functions,  and 
relations,  which  may  vary.  It  is  hazardous,  however,  to  express  certain  properties  of  functions  and  relations 
by  axioms.  Some  properties  of  the  equality  relation,  for  example,  are  rarely  represented  axiomatically.  For 
one  thing,  in  a  first-order  system  indefinitely  many  axioms  are  necessary  to  represent  the  substitutivity 
property  of  this  relation,  depending  on  how  many  function  and  relation  symbols  are  in  the  vocabulary  of 
the  theory. 

For  instance,  for  a  binary  function  symbol  f(x,y),  we  must  introduce  two  functional- substitutivity  ax¬ 
ioms, 

if  x  =  y  if  x  —  y 

then  f(x,z )  =  f(y,  z)  then  f(z,x )  =  f{z,  y), 

and  for  a  binary  predicate  symbol  p{x,y),  we  must  introduce  two  predicate-substitutivity  axioms, 

»/  x  =  y  and  */  x  =  y 

then  if  p[x,z)  then  p{y,z)  then  if  p(z,x)  then  p{z,y). 

An  abbreviated  version  of  this  paper  appears  in  the  proceedings  of  the  Twelfth  International  Colloquium 
on  Automata.  Languages,  and  Programming  (ICALP),  Nafplion,  Greece,  July  1985. 

This  research  was  supported  in  part  by  the  National  Science  Foundation  under  grants  MCS-82- 14523 
and  MCS-8 1-05505.  by  the  Defense  Advanced  Research  Projects  Agency  under  contract  N00039-84-C-021 1, 
by  the  I'nit-  d  States  Air  Force  Office  of  Scientific  Research  under  contract  AE’OSR-81-0014,  by  the  Office 
of  Naval  Research  under  contract  N 000 1 4-84-C-0706,  and  by  a  contract,  from  the  International  Business 
M  iclune-  Corporation . 


2 


l.  Introduction 


(We  tacitly  quantify  variables  universally  over  the  entire  sentence.)  In  general,  for  each  n-ary  function 
symbol  f(x Jt  .  .  .  ,  x„),  we  introduce  n  functional- sustitutivity  axioms.  Similarly,  for  each  n-ary  predicate 
symbol  p(x[,  .  .  .  ,  xn),  we  introduce  n  predicate- substitutivity  axioms. 

More  importantly,  axioms  for  equality  are  difficult  to  control  strategically,  because  they  have  many 
irrelevant  consequences.  An  axiom  such  as  transitivity, 

t f  x  =  y  and  y  =  z 
then  x  =  z, 

will  allow  us  to  derive  logical  consequences  from  any  sentence  mentioning  the  equality  relation.  Few  of  these 
consequences  will  have  any  bearing  on  the  proof. 

In  response  to  this  problem,  some  theorem-proving  researchers  have  paraphrased  their  theories  to  avoid 
explicit  mention  of  the  equality  axiom  (e.g.,  Kowalski  [79]).  Others  have  adopted  special  inference  rules  for 
dealing  with  equality.  In  resolution  systems,  two  equality  rules,  paramodulation  (Wos  and  Robinson  [69]) 
and  E-resolution  (Morris  [69])  have  been  found  to  be  effective.  Variations  of  these  rules  are  used  in  many 
theorem  provers  today  (e.g.,  Boyer  and  Moore  [79],  Digricoli  [83]).  By  a  single  application  of  either  of  these 
rules,  we  can  derive  conclusions  that  would  require  several  steps  if  the  properties  of  equality  were  represented 
axiomatically.  The  proofs  are  markedly  shorter,  and  the  search  spaces  are  even  more  dramatically  compressed 
because  the  axioms  and  intermediate  steps  are  not  required.  Within  their  limited  domain  of  application, 
theorem-proving  systems  using  these  rules  surpass  most  human  beings  in  their  capabilities. 


SPECIAL  RELATIONS 

The  authors  became  involved  in  theorem  proving  because  of  its  application  to  program  synthesis,  the  deriva¬ 
tion  of  a  program  to  meet  a  given  specification.  We  have  been  pursuing  a  deductive  approach  to  this  problem, 
under  which  computer  programming  is  regarded  as  a  theorem-proving  task.  In  the  proofs  required  for  pro¬ 
gram  synthesis,  certain  relations  assume  special  importance.  Again  and  again,  proofs  require  us  to  reason 
not  only  about  the  equality  relation,  but  also  about  the  less-than  relation  <  (over  the  integers  or  reals), 
the  subset  relation  C,  the  sublist  relation  <utti  or  the  subtree  relation  <trec  To  represent  the  transitivity 
and  other  properties  of  these  relations  axiomatically  leads  to  many  of  the  same  problems  that  were  faced 
in  dealing  with  equality:  the  axioms  apply  almost  everywhere,  spawning  innumerable  consequences  that 
swamp  the  system.  Yet  we  would  not  want  to  implement  a  new  inference  rule  for  each  of  the  relations  we 
find  important. 

Both  the  paramodulation  and  the  El-resolution  rules  are  based  on  the  substitutivity  property  of  equality, 
that  if  two  elements  are  equal  they  may  be  used  interchangeably;  i.e.,  for  any  sentence  P(x,  y),  the  sentence 

if  x  =  y 

then  if  P\X,  y)  then  P{y,  x) 

is  valid.  Here  r:'y.  r)  is  the  result  of  replacing  in  P(x,  y)  certain  (perhaps  none)  of  the  occurrences  of  x  with 
y,  and  certain  (pet  haps  none)  of  the  occurrences  of  y  with  x.  (The  notations  we  use  here  informally  will  bo 
defined  systematically  later  on.  We  assume  throughout  that  sentences  are  quantifier-free.) 

We  observe  that  many  of  the  relations  we  regard  as  important  exhibit  substitutivity  properties  similar 
to  the  above  pioperty  of  equality,  but  under  restricted  circumstances.  For  example,  over  the  nonnegative 
integers,  we  ran  show  that 


if  x  ■  y 

then  if  i  <  x  b 

the i  a  <  y  b 


l.  Introduction 


3 


and,  over  the  lists,  we  can  show  that 

»/  *  <i,,t  y 
then  if  u  £  i 

then  uci/. 

Knowing  that  x  <  y  or  that  z  ,  y  does  not  allow  us  to  use  x  and  y  interchangeably,  but  it  does  allow  us 
to  replace  certain  occurrences  of  z  with  y,  and  vice  versa. 

Based  on  such  substitutivity  properties,  we  can  introduce  two  deduction  rules  that  generalize  the 
paramodulation  and  E-resolution  rules  for  equality  to  an  arbitrary  relation,  under  appropriate  circumstances. 
Just  as  the  equality  rules  enable  us  to  drop  the  transitivity  and  substitutivity  axioms  for  equality,  the  new 
relation  rules  enable  us  to  drop  the  corresponding  troublesome  axioms  for  the  relations  of  our  theory. 


POLARITY 

For  the  equality  relation,  knowing  that  z  =  y  allows  us  to  replace  in  a  given  sentence  any  occurrence  of 
x  with  y  and  any  occurrence  of  y  with  z,  obtaining  a  sentence  that  follows  from  the  given  one.  For  an 
arbitrary  binary  relation  knowing  that  x  y  still  may  ar'w  us  to  replace  certain  occurrences  of  z  with  y 
and  certain  occurrences  of  y  with  z.  We  describe  a  syntactic  procedure  that,  for  a  given  relation  identifies 
which  occurrences  of  z  and  y  in  a  given  sentence  can  be  replaced,  provided  we  know  that  x  y. 

More  precisely,  we  identify  particular  occurrences  of  subexpressions  of  a  given  sentence  as  being  positive 
(-*-),  negative  (  — ),  or  both,  or  neither,  with  respect  to  If  z  -*  y,  positive  occurrences  of  z  can  be 

replaced  with  y,  and  negative  occurrences  of  y  can  be  replaced  with  z.  In  other  words,  we  can  establish  the 
substitutivity  property  that,  for  any  sentence  P (x+ ,  y~),  the  sentence 

»/  z  H  y 

then  if  P  (x+ ,  y~)  then  P  (y+  ,  z~) 

is  valid  (over  the  theory  in  question).  Here  P (y+ ,  x~)  is  the  sentence  obtained  from  P( z+ ,  y"  )  by  replacing 
certain  positive  occurrences  of  z  with  y  and  certain  negative  occurrences  of  y  with  z.  With  respect  to  the 
equality  relation,  every  subexpression  is  both  positive  and  negative;  therefore,  if  we  take  -*  to  be  — ,  this 
property  reduces  to  the  substitutivity  of  equality. 

Our  new  rules  are  based  on  the  above  substitutivity  propci ty  just  as  the  equality  rules  are  based  on  the 
substitutivity  of  equality.  The  new  rules,  like  the  equality  rules,  allow  us  to  perform  in  a  single  application 
inferences  that  would  require  many  steps  in  a  conventional  system.  Proofs  are  shorter  and  closer  to  an 
intuitive  argument,  the  search  space  is  condensed  accordingly. 


NONCLAUSAL  DEDUCTION 

The  paramodulation  and  E-resolution  rules  are  formulated  for  sentences  in  clausal  form  (a  disjunction  of 
atomic  sentences  and  their  negations);  on  the  other  hand,  the  two  corresponding  rules  we  introduce  apply  to 
free-form  sentences,  with  a  full  set  of  logical  connectives  (cf.  Manna  and  Waldinger  [80  ,  Murray  1 8 2 j ,  Stickel 
; 8 2 j ) .  By  adopting  such  a  nonclausal  system,  we  avoid  the  proliferation  of  sentences  and  the  disintegration 
of  intuition  that  accompany  the  translation  to  clausal  form.  Also,  it  is  awkward  to  express  the  mathematical 
induction  principle  in  a  clausal  system,  because  we  must  do  induction  on  sentences  that  may  require  more 
than  one  clause  to  express.  On  the  other  hand,  our  rules  are  also  immediately  and  directly  applicable  to 
clausal  theorem-proving  systems. 


4 


2.  Preliminaries 


OUTLINE 

In  the  following  section,  Preliminaries,  we  sketch  the  basic  concepts  of  logic  that  we  use  in  this  paper  and 
we  briefly  outline  a  nonclausal  deduction  system.  Readers  who  are  familiar  with  this  material  should  skim 
the  section  anyway,  to  become  acquainted  with  our  terminology  and  notations. 

In  Relational  Polarity  we  introduce  our  central  notion,  the  polarity  of  a  subexpression  of  a  sentence 
with  respect  to  a  given  relation. 

We  then  describe,  in  The  Relation  Replacement  Rule,  a  new  deduction  rule  that  allows  us  to  replace 
a  subexpression  of  a  sentence  with  another  expression,  under  a  wide  variety  of  circumstances.  This  is  our 
generalization  of  the  paramodulation  rule. 

The  rules  in  our  system  can  be  applied  when  two  subexpressions  can  be  unified.  However,  our  second 
deduction  rule,  described  in  The  Relation  Matching  Rule,  allows  us  to  draw  a  conclusion  even  though 
two  subexpressions  fail  to  unify.  (Typically  this  rule  is  applied  when  the  two  subexpressions  “nearly”  unify.) 
This  is  our  generalization  of  the  E-resolution  rule. 

In  Strengthening  we  tighten  up  our  theory  of  polarity  to  allow  the  relation  replacement  rule  to  draw 
a  stronger  conclusion,  in  many  circumstances. 

In  Extensions,  we  indicate  how  the  notions  in  this  paper  can  be  extended  to  apply  to  sentences 
which  contain  explicit  quantifiers  and  to  define  polarity  with  respect  to  functions  as  well  as  relations;  we 
develop  more  general,  conditional  versions  of  all  the  rules;  and  we  show  how  our  results  apply  to  problems 
in  automated  planning. 


2.  PRELIMINARIES 


Before  we  can  define  our  central  notion,  that  of  polarity  of  a  subexpression  with  respect  to  a  relation,  we 
must  introduce  some  concepts  and  notations.  We  will  be  brief  and  informal,  because  we  believe  that  this 
material  will  be  familiar  to  most  readers. 


EXPRESSIONS 

We  consider  terms  composed  (in  the  usual  way)  of  the  following  symbols: 

•  The  constant  symbols  a,  6,  c,  aj,  .  .  .  ,  s,  t,  and  special  constants  such  as  0. 

•  The  variable  symbols  u,  v,  w,  x,  y,  ult  .... 

•  The  n-ary  function  symbols  f,g,h,f i,  ...  and  special  symbols  such  as  +. 

Thus  a,  x,  f(a ,  x),  and  /(a,  x)  +  0  are  terms. 

We  consider  propositions  composed  (in  the  usual  way)  from  terms  and  the  following  symbols: 

•  The  truth  symbols  (logical  constants)  true  and  false. 

•  The  n-ary  relation  symbols  p,q,r,pi,  ...  and  special  symbols  such  as  =  and  <. 

Thus  true  and  p(a>  ?(*))  are  propositions. 

We  consider  sentences  composed  (in  the  usual  way)  from  propositions  and  the  following  symbols: 

•  The  logical  connectives  not,  and,  or,  if-tken,  =  (if-and-only-if) ,  if-then-else. 


2.  Preliminaries 


5 


Thus  (a  <  0)  or  not(p(a ,  g(x) ) )  is  a  sentence. 

The  operators  consist  of  the  function  and  the  relation  symbols.  The  expressions  consist  of  the  terms  and 
the  sentences.  Note  that  we  do  not  include  the  quantifiers  V  and  3  in  our  language.  The  ground  expressions 
are  those  that  contain  no  variables.  The  expressions  that  occur  in  a  given  expression  are  its  subexpressions. 
They  are  said  to  be  proper  if  they  are  distinct  from  the  entire  expression. 


REPLACEMENT 

We  introduce  the  operation  of  replacing  subexpressions  of  a  given  expression  with  other  expressions.  We 
actually  have  two  distinct  notions  of  replacement,  depending  on  whether  or  not  every  occurrence  of  the 
subexpression  is  to  be  replaced. 

Suppose  s,  £,  and  e  are  expressions,  where  s  and  t  are  either  both  sentences  or  both  terms.  If  we  write 
e  as  ejsj,  then  ejtj  denotes  the  expression  obtained  by  replacing  every  occurrence  of  s  in  e[s]  with  t;  we  call 
this  a  total  replacement.  If  we  write  e  as  e(s),  then  e(t)  denotes  the  expression  obtained  by  replacing  certain 
(perhaps  none)  of  the  occurrences  of  s  in  e(s)  with  f;  we  call  this  a  partial  replacement. 

When  we  say  we  replace  certain  (perhaps  none)  of  the  occurrences  of  s,  we  mean  that  we  replace  zero, 
one,  or  more  occurrences.  We  do  not  require  that  ejs]  or  e{s)  actually  contain  any  occurrences  of  s;  if  not,  e[t] 
and  e(t )  are  the  same  as  ejsj  and  e(s),  respectively.  Also,  while  the  result  of  a  total  replacement  is  unique, 
a  partial  replacement  can  produce  any  of  several  expressions. 

For  example,  if  ejs]  is  p(s,  s,  fc),  then  e[t\  is  p(t ,  t,  b).  On  the  other  hand,  if  e(s)  is  p(s,  s,  fc),  then  e(t)  could 
be  any  of  p(s,  s,  b),  p(t,  s,  b),  p(s,  t,  b),  or  p(t,  t,  b).  If  we  want  to  be  more  specific  about  which  occurrences 
are  replaced,  we  must  do  so  in  words. 

A  partial  replacement  is  invertible,  in  the  sense  that  any  sentence  e(s)  can  be  retrieved  by  replacing 
certain  occurrences  of  t  in  e(t)  with  s.  The  occurrences  of  t  to  be  replaced  are  precisely  the  ones  introduced 
in  obtaining  e{t)  in  the  first  place.  For  example,  if  e(s)  is  p(s,s,  t),  and  e(t)  is  p(s,t,t),  then  e(s)  can  be 
retrieved  by  replacing  the  newly  introduced  occurrence  of  t  in  e(t)  with  s. 

Total  replacement,  on  the  other  hand,  is  not  invertible  in  the  same  sense.  For  example,  if  ejs]  is  p(s,  s,  t), 
then  ejtj  is  p(t,t,t),  and  ejsj  cannot  be  obtained  from  e[t]  by  replacing  every  occurrence  of  t  in  ejfj  with  s. 


MULTIPLE  REPLACEMENT 

We  can  extend  the  definition  to  allow  the  replacement  of  several  subexpressions  at  once: 

Suppose  a  i ,  ...,sn,£i,  ...,tn,  and  e  are  expressions,  where  the  s,  are  distinct  and,  for  each  t,  s, 
and  t,  are  either  both  sentences  or  both  terms.  If  we  write  e  as  ejsj,  .  .  .  ,  s„],  then  ejti,  .  .  .  ,£n]  denotes 
the  expression  obtained  by  replacing  simultaneously  every  occurrence  of  each  expression  s,  in  e  with  the 
corresponding  expression  t,;  we  call  this  a  multiple  total  replacement.  If  we  write  e  as  e(sit  .  .  .  ,sn),  then 
e{ti,  ...,£„)  denotes  any  of  the  expressions  obtained  by  replacing  simultaneously  certain  (perhaps  none)  of 
the  occurrences  of  some  of  the  expressions  s,  in  e  with  the  corresponding  expression  £,;  we  call  this  a  multiple 
partial  replacement. 

The  replacements  are  made  simultaneously  in  a  single  stage.  For  example,  if  eja,  fc]  is  /(a,fc),then  e  fc,  c] 
is  /(fc,  c).  On  the  other  hand,  if  e(a,  fc)  is  /(a,  fc),  then  e{fc,  c)  could  denote  any  of  f(a,  fc),  /(fc,  fc),  f(a,  c).  or 
/(fc,c).  Even  though  a  is  replaced  by  fc  and  fc  is  replaced  by  c,  the  newly  introduced  occurrences  of  fc  are  not 
replaced  by  c. 

The  replacements  are  made  from  the  top  down.  For  example,  if  e\p(a,  fc),  a)  is  p(a,fc),  then  e'trur,  l  is 
true.  We  replace  both  ;( r.fc)  and  :,  but  a  is  a  subexpression  of  p(a,fc).  In  such  cases,  by  convention,  it  i?  the 


JJJJ SSS 


6 


2.  Preliminaries 


outermost  subexpression  that  is  replaced.  (For  the  corresponding  partial  replacement,  either  subexpression 
can  be  replaced.) 

By  attaching  a  numerical  superscript,  we  can  specify  exactly  how  many  subexpression  occurrences  are 
to  be  replaced  in  a  partial  replacement.  Suppose  Sj,  .  .  .,s„,fi,  .  .  .  ,  f„,  and  e(si,  .  .  .  ,  sn)  are  expressions 
and  k  is  a  nonnegative  integer,  where  the  a,-  are  distinct  and,  for  each  i,  a,  and  t,  are  either  both  sentences 
or  both  terms.  Then  e{ti,  .  .  .  ,tn)k  is  the  result  of  replacing  in  e(si,  .  .  .  , s„)  precisely  k  occurrences  of 
Si,  .  .  .  ,  sn  with  the  corresponding  expression  1 1,  ...  ,tn.  [We  assume  that  at  least  k  occurrenes  exist.] 

Note  that  precisely  k  occurrences  are  replaced  altogether.  For  example,  suppose  e(a,  6 )  is  c  <  /(a,  a,  6); 
then  e(a  +1,6+  l)2  could  denote  any  of 

c  <  /(a  +  1,  a  +  1,  6),  c  <  /(a  +  1,  a,  b  +  1),  or  c  <  /(a,  a  +  1,  6  +  1), 

but  not 


c  <  /(a  +  1,  a  +  1,  6  +  1)  or  c  <  /(a  +  1,  a,  6). 

We  may  also  write  e{ti,  t2,  .  •  •  ,  tn)fc,<  to  indicate  that  precisely  k  or  £  replacements  are  made  in  the  expression 

e(5t  i  s2i  •  •  •  i  Sn). 


SUBSTITUTIONS 

We  have  a  special  notation  for  a  substitution,  indicating  the  total  replacement  of  variables  with  terms.  A 
theory  of  substitutions  was  developed  by  Robinson  [65],  in  the  paper  in  which  the  resolution  principle  was 
introduced.  A  fuller  exposition  of  this  theory  appears  in  Manna  and  Waldinger  [81]. 

For  any  distinct  variables  ij,x2,  .  .  .  ,  x„  and  any  terms  ti,t2,  ...  ,tn>  a  substitution 

9-  {*i  <-  ti,  x2  «-  t2,  ...,x 

is  a  set  of  replacement  pairs  x,  < —  tx.  Note  that  there  are  no  substitutions  of  form  {x  «—  a,  x  •—  b,  .  .  .  }, 
where  a  and  6  are  distinct.  (If  a  and  b  are  identical,  then  the  set  {x  «—  o,  x  <—  a,  .  .  .  }  is  the  same  as  the  set 
{x  <—  a,  ...  }.)  The  empty  substitution  {  }  is  the  set  of  no  replacement  pairs. 

For  any  substitution  6  and  expression  e,  we  denote  by  e6  the  expression  obtained  by  applying  9  to  e, 
i . e . ,  by  simultaneously  replacing  every  occurrence  of  the  variable  x,  in  e  with  the  expression  t, ,  for  each 
replacement  pair  x,  <—  t,  in  8.  We  also  say  that  ed  is  an  instance  of  e.  For  example, 

p(x,  y){x  —  y,  y  —  a}  =  p(y,a). 

The  empty  substitution  {  }  has  the  property  that  e{  }  =  e  for  any  expression  e. 

Two  substitutions  9  and  X  are  said  to  be  equal  if  they  have  the  same  effect  on  any  expression,  i.e.,  if, 
for  any  expression  e, 

e  9  =  e  A . 

For  example. 

{'  •  y  —  6}  •=  {x  *- a,  y  —  b,  z  z}. 

Two  substitutions  "  and  X  are  equal  if  they  agree  on  all  variables,  i  e.,  if  r"  xA  for  all  variable.-,  x. 

For  any  variable  x,  term  t,  and  substitution  the  result 


2.  Preliminaries 


7 


of  adding  the  replacement  pair  x  «—  t  to  6  is  defined  to  be  the  substitution  that  replaces  x  with  t  but  agrees 
with  8  on  all  other  variables.  It  is  thus  defined  by  the  properties 

x((x  —  t)  o  8)  =  t 

y((x  «—  t)  o  8)  ~  yd,  for  all  variables  y  distinct  from  x. 

Note  that  8  may  already  replace  x  with  some  term  £';  if  so,  that  replacement  is  superseded  by  the  new  one. 
For  example, 

(y  —  6)  °  {  }  =  {y  —  6} 

*  u)  o  {y  <  6}  =  {x  <—  a,  y  «—  6} 

(y*-c)0{i<-o,j|e-i}  =  {x  —  a,  y  «-  c} 

(x  <-  x)  O  {x  «-  a}  =  {  }. 

We  write  (x  *—  t)  o  (y  ♦—  £')  o  8  as  an  abbreviation  for  [x  *—  t)  o  ((y  «—  t')  o 

The  composition  d\  of  two  substitutions  8  and  A  is  defined  by  the  properties 
{}A  =  A 

((i«-f)oS)A  =  (x  «—  tX)  o  (0A) 

for  all  variables  x  and  terms  t.  The  most  important  property  of  the  composition  function  is  that  applying 
the  composition  of  two  substitutions  6  and  A  to  an  expression  e  is  the  same  as  applying  first  one  and  then 
the  other;  that  is,  e(9 A)  =  {e8) A.  The  empty  substitution  can  be  shown  to  be  an  identity  under  composition; 
that  is,  {  }9  —  9{]  —  8,  for  all  substitutions  9.  Also,  composition  can  be  shown  to  be  associative;  that  is, 
0(Ap)  =  (9X)p  for  all  substitutions  9,  A,  and  p. 

The  definition  of  composition  suggests  a  way  of  computing  it.  For  example, 

{y  —  y(z)Hy  —  x,  z  *-  6}  =  (y  —  y(6))  O  {y  «-  X,  z  —  6} 

=  {y  *-  z  *-b) 

and  therefore 

{x  y,  y  «—  y(z)}{y  <-  x,  z  —  6}  =  (x  —  x)  o  {y  g(b),  z  *-  b} 

=  {y  g[b),  z  *-  6}. 

Note  that  the  composition  of  substitutions  is  not  commutative.  For  example,  {x  «—  y}{y  «—  x}  = 
{y  <-  x}  and  {y  —  x}{x  y}  =  {x  —  y},  but  {y  —  x}  ^  {x  «-  y}. 

A  substitution  8  is  said  to  be  more  general  than  a  substitution  8'  if  there  exists  a  substitution  A  such  that 
9 A  =  8’.  For  example,  the  substitution  8  :  {x  <—  y}  is  more  general  than  the  substitution  9'  :  {x  <—  a,  y  *—  a}, 
because 


0{y  *-  a}  =  {z  y}{y  —  a}  =  {*  —  a,y*-a}  =  9'. 

On  the  other  hand,  9  :  {x  <—  y}  is  not  more  general  than  the  substitution  :  {x  <—  a},  because  there  is  no 
substitution  A  such  that 

8\  =  {x  «—  y}A  =  {x  *—  a}  =  4>. 

A  substitution  is  regarded  as  more  general  than  itself,  because  8{  }  =  9  for  any  substitution  9.  It  is 
possible  for  two  distinct  substitutions  to  be  more  general  than  each  other.  For  example,  9  :  {x  *—  y}  and 
6'  :  {y  *—  x}  are  more  general  than  each  other,  because 


8 


2.  Preliminaries 


and 

0‘{x*-y}  =  {y  —  x}{x  <-  y)  =  {x*-y}  =  9. 

UNIFIERS 

A  substitution  9  is  said  to  be  a  unifier  of  two  expressions  e  and  e  if 
ed  =  e9, 

that  is,  if  ed  and  e9  are  identical  expressions.  Two  expressions  are  unifiable  if  they  have  a  unifier. 

For  example,  the  substitution 
6  :  {x  b,  y  «-  z) 
is  a  unifier  of  the  two  expressions 

e:f(x,z)  and  e:f(b,y), 

because  ed  =  ed  =  f(b,z).  Thus,  e  and  e  are  unifiable.  The  substitutions 
4>:  {x  —  b,  z  —  y} 

and 

p  :  {x  *—  b,  y  *—  w,  z  «—  w} 

are  also  unifiers  of  these  two  expressions.  Thus,  unifiers  of  expressions  are  not  unique. 

The  expressions  p(a)  and  p(b)  are  clearly  not  unifiable  and  neither  are  the  expressions  q[x,  /(x))  and 
q(g{y) ,  y)  ■  The  expressions  x  and  /(x)  are  also  not  unifiable.  Because  x  is  a  proper  subexpression  of  /(x),  we 
know  xd  is  a  proper  subexpression  of  (/(x))  d ,  for  any  substitution  0;  hence  xd  and  (f(x))d  are  not  identical. 

A  substitution  6  is  said  to  be  a  most-general  unifier  of  two  expressions  e  and  e  if  9  is  a  unifier  of  e  and  e 
and  if  9  is  more  general  than  any  unifier  of  e  and  e.  For  example,  the  distinct  substitutions  9  :  {x  «—  6,  y  «—  z) 
and  <f>  :  {x  «—  b,z  <—  y}  are  both  most  general  unifiers  of  the  expressions  e  :  }{x,z)  and  e  :  f(b,y).  Thus, 
most-general  unifiers  are  not  unique.  It  is  clear,  however,  that  all  most-general  unifiers  of  two  expressions 
are  equally  general ,  i.e.,  each  is  more  general  than  any  of  the  others. 

There  is  a  unification  algorithm  (Robinson  [65])  for  determining  whether  a  given  pair  of  expressions  is 
unifiable  and,  if  so,  for  producing  a  most  general  unifier. 

We  can  extend  the  notion  of  unifier  to  apply  to  a  list  of  pairs  of  expressions.  A  substitution  9  is  said  to 
be  a  simultaneous  unifier  of  the  list 

<<ei,e~i),  (e2,e~2),  («u>e7i)) 

of  pairs  of  expressions  if 

9  =  e) 9,  e20  =  e^O ,  .  .  .  ,  and  en9  =  e^d. 

(Note  that  we  do  not  require  that  ex8  =  e}9,  for  distinct  i  and  ;.)  We  may  also  say  that  9  is  a 

simultaneous  unifier  of  ei  and  el,  of  e2  and  e^ . and  of  en  and  en.  A  list  of  pairs  of  expressions  is 

simultaneously  unifiable  if  it  has  a  simultaneous  unifier. 

A  list  may  fail  to  be  simultaneously  unifiable  even  though  the  expressions  of  each  pair  it  contains  are 
unifiable  independently.  For  example,  the  list  of  pairs 


2.  Preliminaries 


9 


is  not  simultaneously  unifiable,  even  though  the  expressions  x  and  g(y)  are  unifiable,  by  the  substitution 
{x  <—  £?( y) } ,  and  the  expressions  f(x)  and  y  are  unifiable,  by  the  substitution  {y  «—  /(x)}. 

For  any  list  of  pairs  of  expressions,  a  simultaneous  unifier  is  most  general  if  it  is  more  general  than  any 
other  simultaneous  unifier. 

We  can  extend  the  notion  of  unifier  further  to  apply  to  a  list  of  lists  of  expressions.  A  substitution  8  is 
said  to  be  a  simultaneous  unifier  of  the  list 

{{0»c  l)Clj  •••)*  ■  *  •  )  i  *  *  *  i  (^fticnism 

of  lists  of  expressions  if 

ei  8  =  «i  8  =  e[8  =  ... 
e2&  =  S2&  —  e^8  =  ... 

en8  =  e~8  =  ?n8  =  .... 

We  may  also  say  that  6  is  a  simultaneous  unifer  of  <j,  e[,  el,  . .  .  ,  of  e?,  e?,  £2 . and  of  e„,  tn,en,  .... 

The  notion  of  most-general  simultaneous  unifier  and  the  unification  algorithm  may  be  extended  accordingly. 
The  notation  is  more  complex  but  the  concepts  are  the  same. 


SUBSTITUTION  AND  REPLACEMENT 


We  sometimes  find  it  convenient  to  use  the  replacement  and  substitution  notations  together.  Suppose  s,  t, 
and  e  are  expressions,  where  s  and  t  are  either  both  sentences  or  both  terms.  Let  8  be  a  substitution.  If  we 
write  e  as  e[s],  then 


«0[fl 


denotes  the  expression  obtained  by  replacing  every  occurrence  of  s8  in  e8  with  t.  If  we  write  e  as  e(s),  then 


e8{t) 


denotes  the  expression  obtained 


For  example,  consider  the  expression 

e  p{f(x,a))  or  q(f{x,y))  orr(f(b,a)) 


and  the  substitution 


8  :  {x  *-  6,  y  <—  a}. 

If  we  write  e  as  e\f(x,a)\,  then  e8\g(c)\  is 
p{g{c))  or  q(g{c))  or  r(g(c)). 

Note  that  two  of  the  replaced  occurrences  of  f(x,  a)8  in  ed  do  not  correspond  to  occurrences  of  f(x,a)  in  e; 
they  were  created  by  application  of  the  substitution  8. 


INTERPRETATIONS 

We  shall  use  the  Hei  brand  notion  of  interpretation,  in  which  the  elements  of  the  domain  are  identified  with 
the  terms  of  the  language. 


10 


2.  Preliminaries 


An  interpretation  I  is  an  assignment  of  truth  values,  either  T  (true)  or  F  (false),  to  every  ground 
proposition  (i.e. ,  to  every  proposition  that  contains  no  variables).  If  I  assigns  T  [or  F]  to  a  ground  proposition, 
that  proposition  is  said  to  be  true  [or  false ]  under  J .  The  truth  [or  falseness]  of  a  nonpropositional  ground 
sentence  under  an  interpretation  1  may  be  determined  from  that  of  its  propositional  constituents  by  the 
familiar  semantic  rules  for  the  logical  connectives. 

A  nonground  sentence  P  is  true  under  I  if  every  ground  instance  of  P  is  true  under  I;  otherwise,  P  is 
false  under  I .  Note  that,  according  to  this  definition,  free  variables  have  a  tacit  universal  quantification. 

We  can  now  define  the  notions  of  implication  and  equivalence  between  sentences.  The  sentences 
Pi,  Pi,  ?3,  •  •  ■  imply  a  sentence  Q  if,  for  any  interpretation  I , 

ii  Pi ,  P2,  Pi,  ...  axe  all  true  under  I , 
then  Q  is  true  under  1 . 

Note  that  if  P  implies  Q,  it  is  not  necessarily  the  case  that  the  sentence  (if  P  then  Q)  is  valid.  For 
example,  p(x)  implies  p(a),  because  free  variables  are  taken  to  be  universally  quantified.  But  the  sentence 
(if  p(x)  then  p(a))  is  not  valid:  its  instance  (if  p(b)  then  p( a))  is  false  under  any  interpretation  for  which 
p(6)  is  true  and  p(a)  is  false. 

Two  sentences  P  and  Q  are  equivalent  if,  for  any  interpretation  1 , 

P  is  true  under  J 
if  and  only  if 
Q  is  true  under  I . 

Hence  P  is  equivalent  to  Q  if  P  implies  Q  and  Q  implies  P.  For  example,  the  sentences  p(x )  and  p(y)  are 
equivalent. 

Lemma  (instantiation) 

For  any  sentence  7  and  substitution  9,  7  implies  79. 


Both  total  and  partial  replacement  exhibit  the  following  value  property: 

Suppose  P,  Q,  and  7  are  ground  sentences  and  J  is  an  interpretation.  Then 

if  P  and  Q  have  the  same  truth  value  under  I , 

then  7[P\  and  7\Q ]  have  the  same  truth  value  under  J. 


Also, 


if  P  and  Q  have  the  same  truth  value  under  J, 

then  7{P)  and  7(0. )  have  the  same  truth  value  under  J. 

A  corresponding  value  property  applies  to  multiple  replacements. 

Remark 

The  value  property  applies  only  to  ground  sentences,  not  to  sentences  with  variables.  For  instance,  let 
P  be  the  sentence  p(x),  let  Q  be  the  sentence  false ,  and  let  7\P\  be  the  sentence  (not  p(x)) .  Consider  an 
interpretation  I  under  which 

p(a)  is  true  and  p(b)  is  false. 

Then  (by  the  definition  of  truth  for  a  nonground  sentence)  p(x)  is  false  under  I  and  hence 
p(x)  and  false  have  the  same  truth  value  under  I. 


-w—_w  ■-  jr  V  •  U  ■"rr',*Yw  V'w  V  ^  U  »  V  ■  V  ■*  Y*r  Y~»  V*r  V'Tf  17W  V%»  t.-v 


2.  Preliminaries 

On  the  other  hand  (by  the  definition  again)  not  p[x)  is  also  false  under  I  and  hence 
(nolp(i))  and  (not  false)  do  not  have  the  same  truth  value  under  I, 
contradicting  the  conclusion  of  the  value  property. 


11 


THEORIES 

A  theory  is  a  set  of  sentences  T  that  is  closed  under  logical  implication:  If  T  implies  a  sentence  P  then  P 
belongs  to  T.  A  member  of  a  theory  T  is  also  said  to  be  valid  in  T. 

A  theory  T  is  said  to  be  defined  by  a  set  of  sentences  A  if  T  is  precisely  the  set  of  sentences  implied  by 
A.  We  shall  also  say  that  A  is  a  set  of  axioms  for  T. 

An  interpretation  I  is  said  to  be  a  model  for  a  theory  T  if  every  sentence  of  T  is  true  under  I . 


v- 


V. 


For  example,  let  T  be  the  set  of  sentences  implied  by  the  transitivity  axiom, 

if  x  -<  y  and  y  <  z 
then  x  ■<  z, 

and  the  irreflezivity  axiom, 
not  x  <  x. 


.* 


V 

3 


Then  T  is  a  theory,  defined  by  these  axioms.  The  asymmetry  property 

if  x  -<y 
then  not  y  -<  x 

is  a  (valid)  sentence  of  this  theory. 


RELATIONS 

We  need  some  special  terminology  for  speaking  about  relations.  Henceforth,  let  us  consider  a  particular 
theory.  When  we  speak  of  validity,  we  shall  mean  validity  in  that  theory. 

Let  p  and  q  be  n-ary  relations.  Then  we  say  that  p  implies  q  if 

if  p(*  1.3=2,  •■.,!«)  then  q(x!,x2,  ■  ■  ■ ,  Xn) 

is  valid  (in  the  theory  under  discussion).  We  also  say  that  p  is  equivalent  to  q  if 

p(xi,x 2,  .  .  .  ,zn)  =  q(x i,x2,  .  .  .  ,z„) 


is  valid. 

Let  -4  be  an  arbitrary  binary  relation.  We  shall  say  that,  over  a  given  theory,  -4  is  reflexive  if 
x  -4  x 

is  valid  (in  the  theory);  -4  is  irreflexive  if 
not  (z  x) 


A 


is  valid;  -4  is  total  if 

x  s  y  or  x  =  y  or  y  x 


>  a'afc  .V  .t  — 1^1  ■■  fca.Mai  I  *  Ai  ■  "l-V.  W.Tfc  \  r«  i  .1 


2.  Preliminaries 


12 

is  valid;  -4  is  transitive  if 

if  (z  -4  y  and  y  -4  z)  then  x  -4  z 
is  valid;  and  -4  is  symmetric  if 
if  x  -4  y  then  y  -4  x 

is  valid. 

We  regard  logical  connectives  as  relations  on  the  set  of  truth  values  {T,  f}.  For  instance,  the  implication 
connective  (if  P  then  <2)  is  the  relation  that  holds  if  P  has  value  F  or  if  P  and  Q  both  have  value  T;  we  may 
read  it  as  “ P  is  falser  than  (or  as  false  as)  Q.”  The  equivalence  connective  P  =  Q  is  simply  the  equality 
relation  on  {T,  F}.  Note  that,  viewed  as  binary  relations,  the  implication  connective  if-then  is  reflexive,  total, 
and  transitive,  and  the  equivalence  connective  =  is  reflexive,  transitive,  and  symmetric. 


ASSOCIATED  RELATIONS 

For  each  binary  relation,  we  shall  be  concerned  with  certain  associated  relations. 

Consider  an  arbitrary  binary  relation  x  -4  y  (read  as  “z  is  related  to  y”).  The  reflexive  closure  *  of  -4 
is  defined  by 

x*y  =  (x  -4y  or  x  =  y). 

The  irreflexive  restriction  -<  of  -4  is  defined  by 
x y  =  (z  -4  y  and  not  (x  =  y)) . 

The  inverse  >-  of  -4  is  defined  by 
x*-  y  =  y  x. 

The  negation  yi  of  -4  is  defined  by 
x  y  =  not  (x  -4  y). 

We  use  >-  and  >  to  denote  the  inverses  of  -<  and  <,  respectively,  and  /  and  ^  to  denote  their  negations.  If 
we  are  using  the  prefix  notation  p(x,y)  for  a  binary  relation,  we  denote  its  reflexive  closure  by  p(z,  y) ,  its 

irreflexive  restriction  by  P(x,y),  and  its  negation  by  fl(x,y). 

The  following  proposition  connects  the  relations  associated  with  a  given  binary  relation: 

Proposition  (negation  of  associated  relations) 

Consider  an  arbitrary  binary  relation  -4. 


3.  Relational  Polarity 


13 


3.  RELATIONAL  POLARITY 

We  are  now  ready  to  define  our  key  notion,  the  polarity  of  a  subexpression  with  respect  to  a  given  binary 
relation.  We  actually  define  the  polarity  of  a  subexpression  with  respect  to  two  binary  relations,  and 
-*2-  This  notion  is  to  be  defined  so  that,  if  the  subexpression  is  positive,  replacing  that  subexpression  with  a 
larger  expression  (with  respect  to  -<i)  will  make  the  entire  expression  larger  (with  respect  to  -<2)-  Similarly, 
if  the  subexpression  is  negative,  replacing  that  subexpression  with  a  smaller  expression  (with  respect  to  -<i) 
will  make  the  entire  expression  larger  (with  respect  to  -<2). 

We  begin  by  defining  polarity  for  the  arguments  of  an  operator  (i.e. ,  function  or  relation). 

Definition  (polarity  of  an  operator) 

Let  /  be  an  n-ary  operator  and  -<1  and  -<2  be  binary  relations.  Then 

•  /  is  positive  over  its  ith  argument  with  respect  to  -<1  and  -<2  if  the  sentence 

»/  x  -<l  y 

then  /(zi,  ...,z,_i,*,z,+i,...,z„)  -*2  /(zi , ....  z,_j,  y,  zi+l,  ...,zn) 
is  valid.  In  other  words,  replacing  x  with  a  larger  element  y  makes 

f(z  1  1  •••>  Zt-U  xi  zi+h  •••>  zn) 

larger. 

•  /  is  negative  over  its  ith  argument  with  respect  to  -<1  and  -<2  if  the  sentence 

if  2  -*i  y 

then  /(zi . Zj_i,y,z<+1,  ...,z„)  -*2  f(zi . zi-i,  x,  z,+1,  ...,z„) 

is  valid.  In  other  words,  replacing  y  with  a  smaller  element  x  makes 
/(zj,  Zi-\,  y,  Zj+i, z„) 

larger.  ^ 

We  illustrate  this  notion  with  two  examples. 

Example 

Suppose  our  theory  includes  the  finite  sets  and  the  nonnegative  integers.  Take  /(z)  to  be  the  cardinality 
function  card(z),  which  maps  each  set  into  the  number  of  elements  it  contains.  Take  -<1  to  be  the  subset 
relation  C  over  the  finite  sets  and  -<2  to  be  the  weak  less-than  relation  <  over  the  nonnegative  integers. 

Then  the  card  function  is  positive  over  its  first  (and  only)  argument  with  respect  to  the  relations  C  and 
<,  because  the  sentence 

then  card(x)  <  card(y) 
is  valid  (in  the  theory). 

Example 

Consider  the  theory  of  the  integers.  Take  /(zi,Z2)  to  be  the  less-than  relation  Z\  <  Zi-  Take  x  -«i  y  to 
be  the  predecessor  relation  x  -<rre,i  y,  which  holds  if  x  =  y  —  1,  and  take  -<2  to  be  the  if-then  connective. 
(Recall  that  we  regard  connectives  as  relations  on  the  set  of  truth  values.) 


14 


3.  Relational  Polarity 


Then  the  less-than  relation  <  is  negative  over  its  first  argument  with  respect  to  -<pred  And  if-then, 
because  the  sentence 

1  preci  y 

then  if  y  <  z2  then  x  <  z2 

is  valid.  Also,  <  is  positive  over  its  second  argument  with  respect  to  -<pred  and  if-then,  because  the  sentence 

if  %  cd  V 

then  xf  z\  <  x  then  Z\  <  y 


It  follows  from  the  definition  that,  for  any  n-ary  operator  /  and  binary  relations  -*i  and  -42, 

f  is  positive  over  its  tth  argument  with  respect  to  -<i  and  -<2 
if  and  only  if 

/  is  negative  over  its  tth  argument  with  respect  to  and  -* 2 
if  and  only  if 

/  is  negative  over  its  tth  argument  with  respect  to  -«i  and  *-2 
if  and  only  if 

/  is  positive  over  its  tth  argument  with  respect  to  >-1  and  >-2- 

When  we  say  that  a  relation  p(zi,  .  .  .  ,  zn)  is  positive  or  negative  over  its  tth  argument  with  respect 
to  a  single  relation  -<1(  without  mentioning  a  second  relation  -<2>  we  shall  by  convention  take  -<2  to  be  the 
if -then  connective.  Thus  in  the  above  example  we  may  simply  say  that  <  is  negative  over  its  first  argument 
and  positive  over  its  second  argument,  with  respect  to  <pred- 

Every  relation  is  both  positive  and  negative  over  each  of  its  arguments  with  respect  to  the  equality 
relation  =,  because  the  sentences 

xf  x  =  y  if  x  =  y 

then  xf  p(zi,  ...,x,...,zn)  and  then  if  p(zlt  ...,y, zn) 

then  p(zi, ...,  y, zn)  then  p(zlt x, z„) 

are  valid.  This  is  equivalent  to  the  relational-substitutivity  property  of  equality.  Also,  every  function  is  both 
positive  and  negative  over  each  of  its  arguments  with  respect  to  =  and  =,  because  the  sentences 


xf  x  =  y 

then  f(zu...,x,...,zn)  =  f(zx , ...,  y, ...,  zn) 


if  x  =  y 

then  f{zi, ...,  y, ...,  z„)  =  /(*i, 


are  valid.  This  is  equivalent  to  the  functional-substitutivity  property  of  equality. 

Every  connective  is  both  positive  and  negative  over  all  its  arguments  with  respect  to  =.  For  example, 
the  not  connective  is  both  positive  and  negative  over  its  argument  with  respect  to  =,  because  both  sentences 


«/  x  =  y 

then  if  [not  x)  then  (not  y) 


»7  *  =  y 

then  if  (not  y)  then  (not  1) 


are  valid. 


When  we  say  that  a  connective  is  positive  or  negative  over  its  tth  argument,  without  mentioning  any 
relations  -*[  and  -*2  at  all,  we  shall  by  convention  take  both  and  -d2  to  be  the  xf-then  connective.  Polarity 
in  this  sense  is  close  to  its  ordinary  use  in  logic.  The  negation  connective  not  is  negative  in  its  first  (and 
only)  argument,  because  the  sentence 


xf  xf  x  then  y 

then  if  (not  y)  then  (not  2) 


3.  Relational  Polarity 


is  valid.  The  conjunction  connective  and  and  the  disjunction  connective  or  are  positive  over  both  their 
arguments.  The  implication  connective  if-then  is  negative  in  its  first  argument,  but  positive  in  its  second. 
The  equivalence  connective  =  has  no  polarity  in  either  argument.  The  conditional  connective  if-then-else 
has  no  polarity  in  its  first  argument,  but  is  positive  in  its  second  and  third  argument. 

Note  that  a  binary  relation  -4  is  transitive  if  and  only  if  it  is  negative  with  respect  to  -4  itself  over  its 
first  argument,  because  the  polarity  condition 

if  x  -4  y 

then  if  y  -4  z  then  x  -4  z 

is  equivalent  to  the  definition  of  transitivity.  Also,  -4  is  transitive  if  and  only  if  it  is  positive  with  respect  to 
-4  over  its  second  argument. 

We  are  now  ready  to  define  polarity  for  the  subexpressions  of  a  given  expression.  The  definition  is 
inductive. 

Definition  (polarity  of  a  subexpression) 

Let  -<i  and  - < 2  be  binary  relations.  Then 

•  An  expression  s  is  positive  in  s  itself  with  respect  to  -<1  and  -42  if  -<1  implies  -*2- 

•  An  expression  s  is  negative  in  s  itself  with  respect  to  -<1  and  -<2  if  -<1  implies  *- 2 . 

Let  /  be  an  n-ary  operator  and  ei,e2,  .  . .  ,en  be  expressions.  Consider  an  occurrence  of  s  in  one 
of  the  expressions  e,.  Then 

•  The  occurrence  of  s  is  positive  in  f(e i,e2,  ...,en)  with  respect  to  and  -42  if  there 
exists  a  binary  relation  -4  such  that 

the  polarity  of  the  occurrence  of  s  in  e*  with  respect  to  -<j  and  -< 
is  the  same  as 

the  polarity  of  /  over  its  ith  argument  with  respect  to  -4  and  -<2- 

•  The  occurrence  of  s  is  negative  in  /(ei,e2,  . . . ,  e„)  with  respect  to  -<!  and  -42  if  there 
exists  a  binary  relation  -4  such  that 

the  polarity  of  the  occurrence  of  s  in  with  respect  to  -<1  and  -4 
is  opposite  to 

the  polarity  of  /  over  its  ith  argument  with  respect  to  -4  and  -42. 

Furthermore,  if  /  has  no  polarity  over  its  ith  argument  or  if  s  has  no  polarity  in  ej,  then  s  has 
no  polarity  in  /(e^e 2,  .  .  .  ,  en).  On  the  other  hand,  if  s  has  both  polarities  in  Ci  and  /  has  some 
polarity  over  its  i  argument,  or  if  /  has  both  polarities  over  its  ith  argument  and  s  has  some  polarity 
in  e, ,  then  s  automatically  has  both  polarities  in  f[e i,e2,  .  ..,en).  ^ 

Remark 

For  any  binary  relation  -4,  any  expression  s  is  positive  in  s  itself  with  respect  to  -4  and  -4  (because  -4 
implies  -4).  Similarly,  s  is  negative  in  s  with  respect  to  -4  and 

If  /  is  positive  over  its  ith  argument  with  respect  to  -<1  and  -42,  then,  for  any  expressions  ei,e2,  ■  ■  ■  ,  en, 
the  occurrence  of  e,  is  positive  in  / (e  1 ,  .  .  .  ,  e, ,  .  .  .  ,  e„)  with  respect  to  -«i  and  -<2-  For  take  -4  to  be  -<1 .  Then 
the  polarity  of  e,  in  e,  itself  is  positive  with  respect  to  -4 [  and  -41.  Also,  /  is  positive  over  its  ith  argument 
with  respect  to  -<1  and  -42.  Because  these  two  polarities  are  the  same,  e,  is  positive  in  f[e .  .  .  ,e,,  ...  ,cn) 
with  respect  to  -4  (  and  -42. 


---'.Vjv' ' vW  AV- 


16 


3.  Relational  Polarity 


Similarly,  if  /  is  negative  over  its  tth  argument,  then  e,  is  negative  in  /(fij ,  . .  .  ,  a,  with  respect 

to  -«i  and  -«2. 


We  may  indicate  the  polarity  of  a  subexpression  s  by  annotating  it  s  +  ,  s-,  or  s± . 

For  example,  suppose  our  theory  includes  the  theories  of  sets  and  nonnegative  integers.  The  occurrence 
of  s  in  the  sentence 

card(s~)  <  m 

is  negative  with  respect  to  the  subset  relation  C  and  the  if-then  connective.  For  note  that  card  is  positive 
over  its  argument  with  respect  to  C  and  <  and  that  <  is  negative  over  its  first  argument  with  respect  to  < 
and  t if-then.  Therefore,  by  our  remark,  we  know  that  a  is  positive  in  card(s)  with  respect  to  C  and  <  and 
that  card(s)  is  negative  in  card{s)  <  m  with  respect  to  <  and  if-then.  By  the  definition,  taking  to  be 
C,  -4  to  be  <,  and  -<2  to  be  if-then,  we  conclude  that  s  is  negative  in  card(s)  <  m  with  respect  to  C  and 
if -then. 

When  we  say  that  an  occurrence  of  a  subexpression  is  positive  or  negative  in  a  sentence  with  respect 
to  a  single  relation  -<1,  without  mentioning  a  second  relation  -<2,  we  shall  again  take  -4 2  to  be  the  if-then 
connective.  When  we  say  that  an  occurrence  of  a  subsentence  is  positive  or  negative  in  a  sentence,  without 
mentioning  any  relation  at  all,  we  shall  again  take  both  and  -<2  to  be  if-then. 

It  can  be  established  from  the  definition  that,  for  expressions  s  and  t  and  binary  relations  -<1  and  -<2, 

an  occurrence  of  s  is  positive  in  t  with  respect  to  and  -4 2 
if  and  only  if 

the  occurrence  of  3  is  negative  in  t  with  respect  to  >-j  and  -<2 
if  and  only  if 

the  occurrence  of  3  is  negative  in  t  with  respect  to  and  r-2 
if  and  only  if 

the  occurrence  of  s  is  positive  in  t  with  respect  to  >-1  and  >-2. 

This  is  analogous  to  our  previous  result  concerning  polarity  for  the  argument  of  an  operator. 

Suppose  an  occurrence  of  3  is  positive  [or  negative)  in  t  with  respect  to  and  -42.  Then  if  -«i  is  a 
binary  relation  that  implies  -«i,  then  s  is  positive  [or  negative,  respectively]  in  t  with  respect  to  and  -42. 
Similarly,  if  -42  implies  a  binary  relation  -42,  then  3  is  positive  [or  negative,  respectively]  in  t  with  respect 
to  -4  1  and  -4  2  ■ 

We  can  establish  the  following  result: 

Lemma  (polarity  operator) 

Let  -<1  and  -*2  be  binary  relations,  /  be  an  n-ary  operator,  and  Ci,e2,  .  . . ,  en  be  expressions.  Con¬ 
sider  an  occurrence  of  3  in  one  of  the  expressions  e,  such  that  s  has  some  polarity  in  /(ej,  e2i  ■  -  •  >  «n) 

with  respect  to  -4  (  and  -*2. 

Then  there  evict  ;  a  binary  relation  -4  such  that 

/  is  positive  over  its  tth  argument  with  respect  to  -*  and  -42 


the  polarity  n|  the  occurrence  of  3  in  f(e  i,«2,  •  ■  •  >cn)  with  respect  to  -«i  and  -42 
is  the  same  ,i.- 

the  polan'v  of  the  occurrence  of  *  in  e,  with  respect  to  -«j  and  -4. 


3.  Relational  Polarity 


17 


Proof 

Consider  the  case  in  which  the  occurrence  of  s  is  positive  in  f(e i,e2,  .  .  .  ,  e„)  with  respect  to  -«i  and 
-<2-  According  to  the  definition,  this  means  that  there  exists  a  binary  relation  -*  such  that 

the  polarity  of  the  occurrence  of  s  in  with  respect  to  -«i  and  -i 
is  the  same  as 

the  polarity  of  /  over  its  tth  argument  with  respect  to  M  and  -42. 

If  /  is  positive  over  its  tth  argument  with  respect  to  -f  and  -<2.  then  the  occurrence  of  s  is  positive  in 
e,  with  respect  to  -<i  and  and  we  can  simply  take  to  be  -4. 

On  the  other  hand,  if  /  is  negative  over  its  tth  argument  with  respect  to  -<f  and  -<2,  then  the  occurrence 
of  3  is  negative  in  ti  with  respect  to  -«i  and  -4.  By  previous  remarks,  this  means  that  /  is  positive  over  its 
tth  argument  with  respect  to  the  inverse  relation  v  and  -42,  and  the  occurrence  of  3  is  positive  in  e,  with 
respect  to  and  the  inverse  relation  Hence  we  can  take  -4  to  be  £. 

The  case  in  which  s  is  negative  in  /(«i,  «2»  ■  •  •  ,  en)  is  treated  similarly. 

Polarities  of  subexpressions  of  subexpressions  can  be  composed  according  to  the  following  result. 
Lemma  (polarity  composition) 

Consider  an  occurrence  of  a  subexpression  r  in  an  expression  3  and  an  occurrence  of  s  in  an 
expression  t.  Then  the  polarity  of  the  occurrence  of  r  is  positive  [or  negative)  in  t  with  respect  to 
binary  relations  -<x  and  -<2  if  and  only  if  there  exists  a  binary  relation  -4  such  that 

the  polarity  of  the  occurrence  of  r  in  s  with  respect  to  -<1  and  -4 
is  the  same  as  [or  opposite  to,  respectively] 
the  polarity  of  the  occurrence  of  s  in  t  with  respect  to  -4  and  -<2-  j 

For  instance,  if  r  is  negative  in  a  and  3  is  negative  in  t  then  r  is  positive  in  t,  with  respect  to  the 
appropriate  binary  relations.  If  r  has  both  polarities  in  3  and  3  has  some  polarity  in  t,  then  r  has  both 
polarities  in  t. 

We  can  now  establish  the  fundamental  property  of  polarity. 

Lemma  (polarity  replacement) 

For  any  binary  relations  -«i  and  -*2  and  expression  e(x+,  y~ ),  the  sentence 
if  x  -4 1  y 

then  e(x+,  y~)  -42  e(y+ ,  x-)1 

is  valid.  Here  e(y+,  x-)1  is  the  result  of  replacing  in  e(x+,  y~ )  precisely  one  positive  occurrence 
of  x  with  y  or  negative  occurrence  of  y  with  x  (we  assume  that  such  an  occurrence  exists)  where 
the  polarity  is  taken  in  e(x+,  y~)  with  respect  to  and  -*.2. 

Example 

Suppose  our  theory  includes  the  theories  of  lists  and  nonnegative  integers.  Take  to  be  the  tail 
relation  1  <t,„/  y,  which  is  true  if 


IS 


3.  Relational  Polarity 


that  is,  if  y  is  nonempty  and  x  is  the  list  of  all  but  the  first  element  of  y.  Take  -«2  to  be  the  predecessor 
relation  - <,,rej ■  Take  e(z+,  y~)  to  be  the  expression 

length(  x+)  +  length(x+), 

where  the  function  length(x)  yields  the  number  of  elements  in  the  list  x. 

Note  that  each  occurrence  of  x  is  positive  in  length[x )  +  length(x)  with  respect  to  and  -<pred,  as 

indicated  by  the  annotations.  For,  each  occurrence  is  positive  in  length[x )  with  respect  to  <taii  and  <prcd, 
and  the  plus  function  +  is  positive  over  either  of  its  arguments  with  respect  to  -<pTed  and  -<pred- 

Therefore,  according  to  the  lemma,  the  sentence 

*/  *  <tan  y 

then  length(x)  +  length(x)  -<pred  length[y)  4-  length(x) 

is  valid,  because  length(y)  +  length(x)  is  the  result  of  replacing  one  positive  occurrence  of  x  in  length[x)  + 
length(x)  with  y.  Also,  according  to  the  lemma,  the  sentence 

if  x  y 

then  length(x)  +  length(x)  -<pred  length(x)  +  length[y) 

is  valid,  because  length(x)  +  length(y)  is  the  result  of  replacing  one  positive  occurrence  of  x  in  length(x)  + 
iength(x)  with  y. 

On  the  other  hand,  the  lemma  does  not  allow  us  to  conclude  that 

»/  x  y 

then  length[x )  +  length(x)  -<pred  length(y)  +  length(y) 

is  valid,  because  length(y)  +  length(y)  is  obtained  by  replacing  two,  not  one,  positive  occurrences  of  x  in 
length(x)  +  length(x)  with  y.  In  fact,  this  third  sentence  is  not  valid. 

■J 

We  now  prove  the  lemma. 

Proof  (polarity  replacement  lemma) 

For  any  arbitrary  binary  relation  -<i,  suppose  that 
x  -<i  y. 

We  show  that,  for  any  expression  e(x+ ,  y~),  we  have,  for  any  binary  relation  -4 2 1 

«<*+,  y~ )  -«2  e(y+,  x~)1. 

The  proof  is  by  induction  on  the  structure  of  e(x  +  ,  y~).  In  other  words,  we  show  the  desired  conclusion 
for  an  arbitrary  expression  e(x+,  y~),  under  the  induction  hypothesis  that,  for  any  proper  subexpression 
?{x+,  y~)  of  e(x+,  y~),  we  have,  for  any  binary  relation  ^2, 

e(x+,  y~)  ^2  e(y+,  x~)1. 

As  in  the  statement  of  the  lemma,  e(y+  ,  x~ ) 1  is  obtained  from  e(x+ ,  y~  )  by  replacing  precisely  one  occurrence 
of  x  or  y,  of  suitable  polarity  with  respect  to  -<!  and  -<2- 

The  proof  distinguishes  among  several  subcases. 

Case:  The  expression  e(x+,  y~ )  is  simply  x 

Then,  because  the  replaced  variable  x  is  positive  in  x,  with  respect  to  -<1  and  -<2l  we  have  (by  the 
definition  of  polarity)  that  -<i  implies  -<2- 


3.  Relational  Polarity 


19 


In  this  case,  e(y+,  x  }l  is  y,  and  we  must  show 
x  -<2  y- 

But  this  follows  from  our  supposition  that  x  -4i  y,  because  -<i  implies  -<2. 

Case:  The  expression  e(z+,  y~ )  is  simply  y 

Then,  because  the  replaced  variable  y  is  negative  in  y  with  respect  to  -<i  and  -«2,  we  have  (by  the 
definition  of  polarity)  that  -4i  implies  >-2. 

In  this  case,  e(y+,  x~)  is  x,  and  we  must  show  that 

y  -*2  x, 

or,  equivalently,  that 
x  *-2  y- 

But  this  follows  from  our  supposition  that  x  -«i  y,  because  -4r  implies  >-2. 

Case:  e(x+,  y~)  is  of  form  f(e i,e2,  ■  ■  ■  ,en),  where  /  is  an  n-ary  operator 

The  replaced  occurrence  of  x  [or  y]  must  occur  in  one  of  the  arguments  e,  of  f.  Because  this  occurrence 
is  positive  [or  negative,  respectively]  in  }[ey,  e2,  ■  ■  ■  ,e„)  with  respect  to  -«!  and  -42,  we  know  (by  the  polarity 
operator  lemma)  that  there  exists  a  binary  relation  -4  such  that 

/  is  positive  over  its  tth  argument  with  resect  to  -4  and  -<2 

and 

the  polarity  of  the  replaced  occurrence  of  x  [or  y]  in  e<  with  respect  to  -4X  and  -* 
is  the  same  as 

the  polarity  of  the  replaced  occurrence  of  x  [or  y]  in  /(er^i  ■  •  •  >er>)>  that  is, 
e(z+,  y”),  with  respect  to  -<1  and  -<2- 

Let  us  therefore  write  e,  «i(z+,  y-)- 

Because  e,(z+,  y~)  is  a  proper  subexpression  of  e(z+,  y~),  we  can  apply  our  induction  hypothesis, 
taking  e(z+,  y”)  to  be  e{(x+,  y~)  and  to  be  -i,  to  conclude  that 

e,(z+,  y”}  -<  e,(y+,  x~)1. 

Therefore  (by  the  definition  of  polarity  of  an  operator,  because  /  is  positive  over  its  fth  argument  with 
respect  to  -4  and  -42 ) ,  have 

/ ( e  1 , . . . ,  e,  (z  ,  y  ),...,en)  -4 2  /(ci , ...,  et-(y^",  x  ),-•*,  tn), 

that  is, 

e(x+,  y~  )  -<2  e(y+,  z-)1, 
as  we  wanted  to  show.  This  completes  the  proof. 

The  polarity  replacement  lemma  allows  us  to  replace  precisely  one  occurrence  of  a  variable.  If  we  know 
more  about  the  relation  -42,  we  can  establish  stronger  versions  of  the  lemma.  In  particular,  if  we  know  that 
-4 2  is  transitive,  we  can  replace  one  or  more  occurrences  of  the  variable. 

Lemma  (transitive  polarity  replacement) 


20 


3.  Relational  Polarity 


For  any  binary  relations  -«i  and  s.2  and  expression  e(i+,  y  ),  where  -«2  is  transitive,  the  sentence 
1/  1  -<1  V 

then  e(x+ ,  y~ )  -*2  «(y+.  x~)n 

b  valid  for  every  positive  integer  n.  Here  e{y+,  x~)u  is  the  result  of  replacing  in  e{x+,  y“)  precisely 
n  positive  occurrences  of  x  with  y  or  negative  occurrences  of  y  with  x,  where  the  polarity  is  taken 
in  e(x+,  y~)  with  respect  to  -«i  and  -<2.  j 

Note  that  we  can  replace  occurrences  of  both  x  and  y  in  the  same  expression;  precbely  n  replacements 
are  made  altogether.  Also,  the  lemma  requires  that  at  least  one  replacement  be  made. 

Example 

Suppose  our  theory  includes  the  theories  of  both  lists  and  integers.  Take  e{x^ ,  y~)  to  be  the  expression 

e(x+ ,  y~)  :  length(x+)  +  ( length(x+ )  —  length(y~)) . 

Take  to  be  the  tail  relation  -<taii  (defined  in  a  previous  example)  and  -<2  to  be  the  less-than  relation 
<.  Note  that,  with  respect  to  -<tau  and  <,  both  occurrences  of  x  are  positive  and  the  occurrence  of  y  is 
negative  in  «(x+,  y~);  also  <  is  transitive.  According  to  the  lemma,  the  following  sentences  (among  others) 
are  valid:  the  sentence 

«/  x  y 

then  length(x)  +  (length(x)  —  length(y))  <  length(y)  +  (length(y)  —  length(y)) , 
for  which  both  occurrences  of  x  in  e{x+ ,  y~)  have  been  replaced,  and 

»/  x  y 

then  length(x)  +  (lengtk(x)  —  length(y))  <  iength(x)  +  [length(y)  —  length(x)), 
for  which  one  occurrence  of  x  and  one  of  y  in  e(x+,  y~)  have  been  replaced. 

On  the  other  hand,  the  lemma  does  not  allow  us  to  conclude  that 

*/  x  y 

then  length(x)  +  (length(x)  -  length(y))  <  length(x)  +  (length(x)  —  length(y)) , 

is  valid,  because  no  replacements  of  x  or  of  y  in  e(x+,  y~)  have  been  replaced.  In  fact,  this  final  sentence  b 
clearly  not  valid. 

We  now  prove  the  lemma 
Proof  (transitive  polarity  replacement  lemma) 

We  assume  throughout  that  polarity  is  with  respect  to  -«i  and  -i2-  We  suppose  that 

x  -*i  y 

and  show  that 

y  )  ~*2  f-  y~  ■  x")n, 

for  every  positive  integer  n.  The  proof  is  by  induction  on  n. 

Base  Case :  n  I . 

In  this  case,  precisely  one  replacement  is  made.  The  desired  result 
e(x^,  y '  )  s 2  e(y+,  x")1 

follows  from  the  original  polarity  replacement  lemma. 


3.  Relational  Polarity 


21 


Inductive  Step: 

For  an  arbitrary  positive  integer  k,  we  assume  inductively  that 
e(*+.  y~)  -*2  e(y+,  x~)k 
and  show  that 

«(*+,  y~)  -42  e(y+,  x~)k+1. 

Observe  that  e(y+ ,  x~)k+1  can  be  obtained  from  e(y+ ,  x~)k  by  replacing  precisely  one  positive  occur¬ 
rence  of  x  with  y  or  one  negative  occurrence  of  y  with  x.  Therefore,  by  the  original  polarity  replacement 
lemma,  we  have 

e(y+,  x~)k  -42  e(y+,  x~)k  +  l. 

Because  our  induction  hypothesis  is  that  e(x+ ,  y~)  -<2  e(y+,  x~)k,  and  because  we  have  assumed  that 
-<2  is  transitive,  we  can  conclude  that 

e(x+,  y~)  ~*2  e(y+,  x~)k+1, 

as  we  wanted  to  show. 


If  -42  is  transitive,  the  above  lemma  allows  us  to  replace  one  or  more  occurrences  of  a  variable.  If  -42  is 
both  reflexive  and  transitive,  the  following  lemma  allows  us  to  replace  zero,  one,  or  more  occurrences. 

Lemma  (reflexive  transitive  polarity  replacement) 

For  any  binary  relations  and  -<2  and  expression  e(x+ ,  y~),  where  -<2  is  both  reflexive  and  transitive, 
the  sentence 

*/  x  -4j  y 

then  e(x  +  ,  y~)  -42  e(y+,  x~ ) 

is  valid.  Here  <(y+,  x~)  is  the  result  of  replacing  in  e(x+ ,  y~)  certain  positive  occurrences  of  1  with  y  and 
certain  negative  occurrences  of  y  with  x,  where  polarity  is  taken  in  e(x+,  y~ )  with  respect  to  and  -4 3 . 


This  lemma,  as  opposed  to  the  transitive  polarity  replacement  lemma,  admits  the  possibility  of  replacing  no 
occurrences  at  all  of  x  or  y  in  e(x+ ,  y~). 

Example 

Suppose  our  theory  includes  the  theories  of  both  finite  sets  and  integers.  Take  e(x+ ,  y~ )  to  be  the 
expression 

e(x  + ,  y  )  :  card[x+  ~  y~  )  —  card(y~  ~  x+ ) 

where  x~  y  is  the  difference  between  the  sets  x  and  y,  that  is,  the  set  of  elements  of  x  that  do  not  belong  to 
y.  Take  -41  to  be  the  subset  relation  C  and  -42  to  be  the  weak  less- than  relation  <-  Note  that,  with  respect 
to  C  and  <,  both  occurrences  of  x  are  positive  and  botli  occurrences  of  y  are  negative  in  e(x+,  y_),  as  the 
annotations  indicate.  Also,  <  is  both  transitive  and  reflexive. 

Therefore,  according  to  the  lemma,  the  following  sentences  .are  valid:  the  sentence 

if  x  r  y 

then  card (x  ~  y)  -  card[y  ~  x)  <  card(y  ~  x)  -  card(x  ~  y), 


22  3.  Relational  Polarity 

for  which  all  occurrences  of  z  and  y  in  e(z+,  y~)  have  been  replaced,  and  the  sentence 
«/  *  C  y 

then  card(x  ~  y)  —  card(y  ~  x)  <  card[x  ~  y)  —  card[y  ~  z), 

for  which  no  occurrences  of  x  and  y  in  e(x+,  y~)  have  been  replaced.  Of  course,  other  valid  sentences  can 
be  obtained  by  replacing  some,  but  not  all,  of  the  occurrences  of  x  and  y  in  e(z+,  y_). 

The  proof  is  straightforward. 

Proof  (reflexive  transi'ive  polarity-replacement  lemma) 

In  the  case  in  which  no  replacements  are  made,  e(y+ ,  x~)  is  identical  to  e(z+,  y~ ),  and  the  desired 
result  holds  because  wc  have  supposed  that  -«2  is  reflexive.  In  the  case  in  which  one  or  more  replacements  are 
made,  the  desired  result  follows  from  the  transitive  polarity  replacement  lemma,  because  we  have  supposed 
that  -<2  is  also  transitive. 

The  following  consequence  of  the  polarity  replacement  lemma  will  be  used  most  frequently: 
Proposition  (polarity  replacement) 

For  any  binary  relation  -4  and  sentence  P (x+ ,  y~ ),  the  sentence 
if  x  H  y 

then  if  P{x+ ,  y~  ) 
then  P{y+,  x~) 

is  valid.  Here  P (y+ ,  x~)  is  the  result  of  replacing  in  P (x+ ,  y~)  certain  positive  occurrences  of  z 
with  y  and  certain  negative  occurrences  of  y  with  z,  where  polarity  is  taken  in  P{x+,  y~)  with 
respect  to  -4. 

Recall  that,  when  we  refer  to  polarity  in  a  sentence  with  respect  to  a  single  relation  we  mean  polarity 
with  respect  to  -4  and  the  if-then  connective.  The  proposition  allows  us  to  replace  occurrences  of  both  z 
and  y  in  the  same  sentence  and  (trivially)  admits  the  possibility  that  no  replacements  are  made. 

The  proof  is  immediate. 

Proof 

Regarded  as  a  relation,  the  if-then  connective  is  reflexive  and  transitive.  The  replaced  occurrences  of 
z  and  y  are  respectively  positive  and  negative  in  P (x+ ,  y~)  with  respect  to  -4  and  if-then.  Therefore  the 
proposition  is  simply  an  instance  of  the  reflexive  transitive  polarity  replacement  lemma,  taking  -*i  to  be 
-<2  to  be  if-then,  and  e(z+,  y~ )  to  be  P (z+ ,  y~). 

Example 

Suppose  our  theory  includes  the  theories  of  finite  sets  and  integers.  Take  P (x+ ,  y~ )  to  be  the  sentence 

P (x  + ,  y~)  :  a  <  card(x+  ~  y~  )  and  card[y~  ~  z+)  <  6. 

Take  -4  to  be  the  subset  relation  C.  Note  that,  with  respect  to  C,  both  occurrences  of  z  are  positive  and 
both  occurrences  of  y  are  negative  in  P (z+ ,  y~ ),  as  indicated  by  the  annotations.  Therefore,  according  to 
the  proposition,  the  following  sentences  are  valid:  the  sentence 

if  *  £  V 

then  if  a  <  card{x  ~  y)  and  card[y  ~  z)  <  b 

then  a  <  card(x  ~  z)  and  card(y  ~  y)  <  fc, 


.*  J".  J-  /■_ 


•  *  -  V  '  *  'J  ^ 


4.  Nonclausal  Deduction 


23 


for  which  one  occurrence  of  x  and  one  occurrence  of  y  in  P(x+,  y  )  has  been  replaced,  the  sentence 

»/  *  £  y 

then  if  a  <  card{x~  y)  and  card(y  ~  x)  <  b 

then  a  <  card[y  ~  y)  and  card(y  ~  y)  <  b, 

for  which  both  occurrences  of  x  in  P  {x+ ,  y~)  have  been  replaced,  and  the  sentence 

*/  x  C  y 

then  if  a  <  card[x  ~  y)  and  card(y  ~  x)  <  b 

then  a  <  card(y  ~  s)  and  card(x  ~  y)  <  b, 

for  which  both  occurrences  of  x  and  both  occurrences  of  y  in  P{x+,  y~)  have  been  replaced. 

We  have  now  developed  the  mathematical  results  on  relational  polarity  we  need  in  order  to  introduce 
the  special-relations  rules.  But  first,  we  introduce  briskly  our  basic  nonclausal  deduction  system. 


4.  NONCLAUSAL  DEDUCTION 

In  this  section  we  present  a  basic  nonclausal  deduction  system,  without  any  special-relations  rules.  This 
system  bears  some  resemblance  to  those  of  Murray  [82]  and  Stickel  [82];  it  is  based  on  the  system  of  Manna 
and  Waldinger  [80],  but  is  simplified  in  several  respects: 

•  The  system  presented  here  is  a  refutation  system;  it  attempts  to  show  that  a  given  set  of  sentences 
is  unsatisfiable.  (The  original  system  operates  on  a  tableau  of  assertions  and  goals,  and  attempts 
to  show  that  at  least  one  of  the  goals  follows  from  the  assertions.) 

•  The  system  is  presented  with  no  program  synthesis  capabilities. 

•  The  mathematical  induction  principle  is  omitted. 

These  simplifications  have  been  made  for  purely  expository  purposes:  the  special-relations  rules  are 
compatible  with  a  tableau  theorem  prover  and  with  the  induction  principle  and  are  of  great  use  in  program 
synthesis,  our  primary  application. 


THE  DEDUCED  SET 

The  deduction  system  we  describe  operates  on  a  set,  called  the  deduced  set,  of  sentences  in  quantifier- 
free  first-order  logic.  We  attempt  to  show  that  a  given  deduced  set  is  unsatisfiable,  i.e. ,  that  there  is  no 
interpretation  under  which  all  the  sentences  are  true. 

Theorem  proving  in  a  first-order  axiomatic  theory  can  be  reduced  to  showing  the  unsatisfiability  of  such 
a  set.  In  particular,  to  show  that  a  sentence  7  is  valid  in  a  theory  whose  axioms  are  Ai,  A2,  •  •  •  ,  Ak,  we 
can 

•  Remove  the  quantifiers  of  the  sentences  A\,  A2,  ■  ■  ■  ,  Ak,  and  not  7,  by  skolemization  (see, 
for  example,  Chang  and  Lee  [73 j ,  Loveland  [78],  or  Robinson  [79]). 

•  Show  the  unsatisfiability  of  the  resulting  set  of  quantifier-free  sentences. 

We  do  not  require  that  the  sentences  be  in  clausal  form;  indeed,  they  can  use  the  full  set  of  connectives  of 
propositional  logic,  including  equivalence  (  =  )  and  the  conditional  ( if-then-else ). 


24 


4.  Nonclausal  Deduction 


Example 

Consider  the  theory  of  the  strict  partial  ordering  -<,  defined  by  the  transitivity  axiom 

and  the  irreflexivity  axiom 

(Vi)  [ not  ( i  -<  i)] . 

Suppose  we  would  like  to  show  that  in  this  theory  the  asymmetry  property 


If  the  truth  symbol  false  belongs  to  the  deduced  set,  the  set  is  automatically  unsatisfiable,  because  the 
sentence  false  is  not  true  under  any  interpretation. 

Because  the  variables  of  the  sentences  in  the  deduced  set  are  tacitly  quantified  universally,  we  can 
systematically  rename  them  without  changing  the  unsatisfiability  of  the  set;  that  is,  the  set  is  unsatisfiable 
before  the  renaming  if  and  only  if  it  is  unsatisfiable  afterwards.  Of  course,  we  must  replace  every  occurrence 
of  a  variable  in  the  sentence  with  the  new  variable,  and  we  must  be  careful  not  to  replace  distinct  variables 
in  the  sentence  with  the  same  variable.  The  variables  of  the  sentences  in  the  deduced  set  may  therefore  be 
standardized  apart ;  in  other  words,  we  may  rename  the  variables  of  the  sentences  so  that  no  two  of  them 
have  variables  in  common. 

For  any  sentence  7  in  the  deduced  set  and  any  substitution  6,  we  may  add  to  the  set  the  instance  76 
of  7,  without  changing  the  unsatisfiability  of  the  set.  In  particular,  if  the  deduced  set  is  unsatisfiable  after 
the  addition  of  the  new  sentence,  it  was  also  unsatisfiable  before.  Note  that  in  adding  the  new  sentence  76, 
we  do  not  remove  the  original  sentence  7 ■ 


THE  DEDUCTIVE  PROCESS 


In  the  deductive  system  we  apply  deduction  rules,  which  add  new  sentences  to  the  deduced  set  without 
changing  its  unsatisfiability.  Deduction  rules  are  expressed  as  follows: 

1  7l,  •  ■  *  ,  7m 


This  means  that,  if  the  given  sentences  7\,  7i,  ■  ■  .  ,  7m  belong  to  the  deduced  set,  the  conclusion  7  may 
be  added.  Such  a  rule  is  said  to  be  sound  if  the  given  sentences  7\,  7i,  ■  ■  .  ,  7m  imply  the  sentence  7 ■  If  a 
deductive  rule  is  sound,  its  application  will  preserve  the  unsatisfiability  of  the  deduced  set. 


The  deductive  process  terminates  successfully  if  we  introduce  the  truth  symbol  false  into  the  deduced 
set.  Because  deduction  rules  preseive  unsatisfiability,  and  because  a  set  of  sentences  containing  false  is 
automatically  unsatisfiable,  this  will  imply  that  the  original  deduced  set  was  also  unsatisfiable. 

We  include  two  classes  of  deduction  rules  in  the  basic  system: 


4.  Nonclausal  Deduction 


25 


•  The  transformation  rules,  which  replace  subsentences  with  equivalent  sentences. 

•  The  resolution  rule,  which  performs  a  case  analysis  on  the  truth  of  matching  subsentences. 

These  rules  are  described  in  this  section.  In  later  sections,  we  augment  the  basic  system  with  two  new  classes 
of  rules: 

•  The  replacement  rules,  which  replace  subexpressions  with  other  expressions  (not  necessar¬ 
ily  equivalent  or  equal). 

•  The  matching  rules,  which  introduce  new  conditions  to  be  proved  that  enable  subexpres¬ 
sions  to  be  matched. 

We  first  describe  the  transformation  rules. 


TRANSFORMATION  RULES 

The  transformation  rules  replace  subsentences  of  the  sentences  of  our  deduced  set  with  propositionally 
equivalent,  simpler  sentences.  For  instance,  the  transformation  rule 

P  and  true  — »  P 

replaces  a  subsentence  of  form  (P  and  true)  with  the  corresponding  sentence  of  form  P.  The  simplified 
sentence  is  then  added  to  the  deduced  set.  (Logically  speaking,  the  original  sentence  remains  in  the  deduced 
set  too,  but,  for  efficiency  of  implementation,  the  original  sentence  need  not  be  retained.) 

We  include  a  full  set  of  such  true-false  transformation  rules;  e.g., 

not  true  — ►  false 

P  or  true  —*  true 

if  P  then  false  — ►  not  P . 

These  rules  can  eliminate  from  a  sentence  any  occurrence  of  the  truth  symbols  true  and  false  as  a  proper 
subsentence. 

We  also  include  such  propositional  simplification  rules  as 
P  and  P  ->  P 
not  not  P  — »  P . 

These  rules  are  not  logically  necessary,  but  are  included  for  cosmetic  purposes. 

The  soundness  of  the  transformation  rules  is  evident,  because  each  produces  a  sentence  equivalent  to 
the  one  to  which  it  is  applied. 

Example 

Suppose  our  deduced  set  contains  the  sentence 

if  q[a)  then  false 
7  :  or 

(not  true)  or  ( not  q[a )). 

(We  omit  parentheses  when  the  structure  of  the  sentence  can  be  indicated  by  indenting.)  This  can  be 
transformed,  by  application  of  the  rule 


26 


4.  Nonclausal  Deduction 


into  the  sentence 

not  g(a) 
or 

(not  true)  or  ( not  q(a )), 
which  may  then  be  added  to  the  deduced  set. 

The  new  sentence  can  be  transformed  in  turn,  by  successive  application  of  the  rules 
not  true  — ►  false 
false  or  P  — *  P, 

P  or  P  P, 
into  the  sentence 

not  g(a). 

We  shall  say  that  the  original  sentence  /  reduces  to  (not  q(a))  under  transformation. 

Our  original  system  (Manna  and  Waldinger  [80])  included  many  more  transformation  rules;  also,  their 
operation  was  more  complex.  In  this  system,  the  role  of  these  more  complex  rules  has  been  assumed  by  the 
replacement  rule  of  Section  5. 


RESOLUTION  RULE:  GROUND  VERSION 

The  resolution  rule  applies  to  two  sentences  of  our  set,  and  performs  a  case  analysis  on  the  truth  of  a 
common  subsentence.  Instances  of  the  sentences  can  be  formed,  if  necessary,  to  create  a  common  subsentence; 
however,  we  first  present  the  ground  version  of  the  rule,  which  does  not  form  instances  of  these  sentences. 


Rule  (resolution,  ground  version) 

For  any  ground  sentences  P ,  7\P),  and  £[P],  we  have 

m 

s\p i 

7\Jalse\  or  $\true\  j 

In  other  words,  if  7\P\  and  Q\P\  are  sentences  in  our  deduced  set  with  a  common  subsentence  P,  we  can 
add  to  the  set  the  sentence  (7\false\  or  §\true\)  obtained  by  replacing  every  occurrence  of  P  in  7\P\  with 
false,  replacing  every  occurrence  of  P  in  Q\P\  with  true,  and  taking  the  disjunction  of  the  results.  We  shall 
assume  that  7\P ]  and  Q\P\  have  at  least  one  occurrence  each  of  the  subsentence  P .  We  do  not  require  that 
71  Pj  and  Q\P |  be  distinct  sentences. 

Because  the  resolution  rule  introduces  new  occurrences  of  the  truth  symbols  true  and  false,  it  is  always 
possible  to  simplify  the  resulting  sentence  immediately  afterwards  by  application  of  the  appropriate  true-false 
rules.  These  subsequent  transformations  will  sometimes  be  regarded  as  part  of  the  resolution  rule  itself. 


4.  Nonclausal  Deduction 


27 


Example 

Suppose  our  deduced  set  contains  the  sentences 
7  \  if  q(a)  then 

and 

S'.  ( not  p(a,  b)  )  or  (not  q(a)) . 

These  sentences  have  a  common  subsentence  p(a,  6),  indicated  by  the  surrounding  boxes.  By  application  of 
the  resolution  rule,  we  may  replace  every  occurrence  of  p(a,  b)  in  7  with  false,  replace  every  occurrence  of 
p(a,  b)  in  £  with  true,  and  take  the  disjunction  of  the  result,  obtaining  the  sentence 

if  q(a)  then  false 
or 

(not  true)  or  (nof<j(a)), 

which  (as  we  have  seen  in  a  previous  example)  reduces  under  transformation  to 
not  q(a). 

This  sentence  may  be  added  to  the  deduced  set. 

Let  us  show  that  the  resolution  rule  is  sound,  and  hence  that  it  preserves  the  unsatisfiability  of  the 
deduced  set. 

Justification  (resolution  rule,  ground  version) 

We  must  show  that  the  given  sentences  7{P)  and  Q\P\  imply  the  newly  deduced  sentence  (7[false\  or 
£(true|).  Suppose  that  7\P\  and  Q\P\  are  true;  we  would  like  to  show  that  then  (7[false\  or  £[true))  is  true. 
We  show  that  one  of  the  two  disjuncts,  7{false\  or  $\true j,  is  true. 

In  the  case  in  which  the  common  subsentence  P  is  false,  we  know  (by  the  value  property,  because  P 
and  false  have  the  same  truth  value  and  7\P\  is  true)  that  the  first  of  the  disjuncts,  7[false),  is  true. 

Similarly,  in  the  case  in  which  the  common  subsentence  P  is  true,  we  know  (by  the  value  property  again, 
because  P  and  true  have  the  same  truth  value  and  $\P]  is  true)  that  the  second  of  the  disjuncts,  Q\true\,  is 
true.  j 

We  have  established  the  soundness  of  the  ground  version  of  the  resolution  rule  when  applied  to  ground 
sentences,  which  contain  no  variables.  We  require  the  sentences  to  be  ground  because  the  justification 
depends  on  the  value  property,  which  holds  only  for  ground  sentences.  We  can  actually  apply  the  ground 
version  of  the  rule  to  sentences  with  variables;  the  soundne3  of  such  applications  follows  from  the  justification 
for  the  general  version  of  the  rule,  which  we  present  later. 

We  now  discuss  an  important  strategy  for  controlling  the  resolution  rule. 


THE  POLARITY  STRATEGY 

Murray’s  [82]  polarity  strategy  allows  us  to  consider  only  those  applications  of  the  resolution  rule  under 
which  at  least  one  occurrence  of  P  is  positive  (or  of  no  polarity)  in  7\P ]  and  at  least  one  occurrence  of  P  is 
negative  (or  of  no  polarity)  in  Q\P\.  In  other  words,  not  all  the  subsentences  that  are  replaced  with  false  are 
negative  and  not  all  the  subsentences  that  are  replaced  with  true  are  positive.  This  strategy  blocks  many 
useless  applications  of  the  rule  and  rarely  interferes  with  a  reasonable  step. 


4.  Nonclausal  Deduction 


The  intuitive  rationale  for  the  polarity  strategy  is  that  it  is  our  goal  to  deduce  the  sentence  false,  which 
is  more  false  than  any  other  sentence.  By  replacing  positive  sentences  with  false  and  negative  sentences  with 
true,  we  are  moving  in  the  right  direction,  making  the  entire  sentence  more  false. 


Example 


Suppose  our  deduced  set  contains  the  sentences 


or  q(b) 


S'-  'f  P(a)  then  q{b). 


These  sentences  have  occurrences  of  a  common  subsentence  p(a),  of  positive  and  negative  polarity,  respec¬ 
tively,  as  indicated  by  the  annotation.  By  application  of  the  resolution  rule,  we  obtain  the  sentence 


false  or  q(b) 


if  true  then  q(b), 


which  reduces  to  q(b)  under  transformation. 


Let  us  reverse  the  roles  of  our  sentences. 


7  :  if  p(a )  then  q(b ) 


9  '■  p(a )  or  <?(*>)■ 


The  sentences  still  have  occurrences  of  a  common  subsentence  p(a).  However,  it  is  in  violation  of  the  polarity 
strategy  to  apply  the  rule  for  the  sentences  in  this  order,  because  now  the  occurrence  of  p(a)  is  negative  in 
J ,  i.e.,  it  is  not  positive  or  of  no  polarity.  Also,  the  polarity  of  p(a)  is  positive  in  §.  If  we  insist  on  applying 
the  resolution  rule  anyway,  we  obtain  the  sentence 


if  false  then  q(b) 


true  or  q(b), 


which  reduces  to  true  under  transformation.  Although  it  does  no  harm  to  add  the  sentence  true  to  our 
deduced  set,  it  is  of  no  use  in  establishing  the  unsatisfiability  of  the  set. 


There  are  two  other  legal  applications  of  the  resolution  rule  to  the  same  two  sentences,  obtained  by 
taking  the  common  subsentence  to  be  q[b)  rather  than  p(a).  Both  of  these  applications  of  the  rule  lead  us 
to  obtain  the  redundant  sentence  true,  and  both  are  in  violation  of  the  polarity  strategy. 


RESOLUTION  RULE:  GENERAL  VERSION 


The  general  version  of  the  rule  allows  us  to  instantiate  the  variables  of  the  given  sentences  as  necessary 
to  create  common  subsentences.  It  is  expressed  as  follows: 


4.  Nonclausal  Deduction 


29 


Rule  (resolution,  general  version) 

For  any  sentences  P,  P,  J\P\,  and  £[£],  where  7  and  Q  are  standardized  apart,  i.e.,  they  have  no 
variables  in  common,  we  have 

m 

5[P\ 

76\Jalse\  or  Q8\true\ 

where  9  is  a  most-general  unifier  of  P  and  P . 

More  precisely, 

•  7  has  one  or  more  subsentences  P ,  Pi,  Pi,  ■  ■  ■  ■ 

•  §  has  one  or  more  subsentences  P,  Pi,  Pi,  .... 

•  6  is  a  most  general  unifier  of  P ,  Pi,  P2,  ■  ■  ■  ,  and  P,  Pi,  P2,  .  .  . ;  hence 

Pd  =  P18  =  P2e  =  ...  =Pe  =  Pid  =  p28  =  .... 

•  The  conclusion  of  the  rule  is  obtained  by  replacing  all  occurrences  of  P9  in  79  with  false, 
replacing  all  occurrences  of  Pd  (that  is,  P6)  in  § 8  with  true,  and  taking  the  disjunction 
of  the  results 

In  other  words,  we  apply  the  ground  version  of  the  rule  to  78  and  £9,  taking  PB  as  the  common 
subsentence. 


The  rule  requires  that  the  sentences  7  and  §  be  standardized  apart,  i.e.,  that  they  have  no  variables 
in  common.  This  may  be  achieved  by  renaming  the  variables  of  the  sentences  as  necessary.  If  both  are  the 
same  sentence,  we  rename  the  variables  of  one  copy  of  the  sentence. 

Let  us  show  that  the  general  version  of  the  rule  is  sound. 

Justification  (resolution  rule,  general  version): 

The  soundness  of  the  general  version  of  the  rule  follows  from  the  soundness  of  its  ground  version.  We 
show  that  the  sentences  7  and  £  imply  the  sentence  (79[false j  or  §9\true}). 

We  suppose  that  (under  a  given  interpretation]  the  sentences  7  and  §  tire  true  and  show  that  ( 79[false ] 
or  Q9[tr uej)  is  also  true.  It  suffices  (by  the  definition  of  truth  for  a  nonground  sentence)  to  show  that  any 
ground  instance  of  ( 79\false\  or  Q8\true ])  is  true. 


Because  7  and  Q  are  true,  we  know  (by  the  instantiation  lemma)  that  79  and  QB  are  true  and  hence 
(by  the  definition  of  truth  for  a  nonground  sentence)  that  every  ground  instance  of  79  and  Q6  is  true.  But 
any  ground  instance  of  ( 76\false\  or  G9[truc])  is  the  result  of  applying  the  ground  version  of  the  rule  to  the 
corresponding  ground  instance  of  78  and  Q8\  therefore  it  is  also  true. 


The  general  version  of  the  rule  includes  the  ground  version  as  a  special  case,  in  which  the  most-general 
unifier  9  is  the  empty  substitution  (  }. 


The  following  illustration  of  the  general  resolution  rule  is  extracted  from  t.h<  derivation  of  a  biiiory-search 
real-number  square-root  program. 


.'a.  -  J  1*1 -  k  m,.  -a  -  j, 


so 


4.  Nonclausal  Deduction 


Example 

In  the  theory  of  the  nonnegative  real  numbers,  suppose  our  deduced  set  contains  the  sentence 
7  :  not  (y2  <  a  and  not  ( y  +  «)2  <  a  1  ), 


where  y  is  a  variable  and  a  and  c  are  constants.  (The  sentence  is  negated  because  it  is  deduced  from  the 
negation  of  the  original  theorem.) 

We  are  about  to  apply  the  resolution  rule  to  this  sentence  and  itself.  Therefore  let  us  produce  another 
copy  of  the  sentence  and  standardize  the  two  sentences  apart;  i.e.,  we  rename  the  variable  of  the  second 
sentence 


5  ■ 


not  ( 


and  not  (( y  +  e)2  <  a)). 


The  boxed  subsentences 


P  :  (y  +  «)2  <  a 

and 

P:  y2  <  a 

are  unifiable,  with  most-general  unifier 
8  ■  {y«-y  +  «}. 

To  apply  the  rule,  we  replace  all  occurrences  of  Pd  in  76  with  false,  replace  all  occurrences  of  p6  in  Q6  with 
true,  and  take  the  disjunction  of  the  results,  obtaining 

not  (y2  <  a  and  not  false) 
or 

not  (true  and  not  (((y  +  e)  +  e)2  <  a)). 

This  sentence  reduces  under  transformation  to 
not  (y2  <  a)  or  ((y  +  c)  +  c)2  <  a. 

The  above  application  of  the  rule  is  in  accordance  with  the  polarity  strategy,  because  the  boxed  sub¬ 
sentence  P  is  positive  in  7  and  the  boxed  subsentence  P  is  negative  in  Q. 


The  resolution  rule  presented  here  is  an  extension  of  the  rule  of  Robinson  [65]  to  the  nonclausal  case. 
Robinson’s  rule  applies  to  clauses  of  the  form 

7:  P  or  7' 

5  '■  ( not  P)  or  C' , 

where  P  and  P  are  unifiable  propositions,  with  most-general  unifier  9,  and  7'  and  §'  are  themselves  clauses. 
Robinson’s  rule  deduces  the  new  sentence 

7'6  or  O' 6. 

The  resolution  rule  presented  here  deduces,  from  the  same  sentences  7  and  Q,  the  new  sentence 

false  or  7'6 
or 

( not  true )  or  C'9. 

This  sentence  reduces  under  transformation  to  ( 7' 6  or  $'9),  the  same  sentence  deduced  by  Robinson’s  version 
of  the  rule. 


5.  The  Relation  Replacement  Rule 


31 


Nonclausal  resolution  was  developed  independently  by  Manna  and  Waldinger  [80]  and  Murray  [82],  The 
resolution  and  transformation  rules  together  have  been  shown  by  Murray  to  provide  a  complete  system  for 
first-order  logic.  An  implementation  of  a  nonclausal  resolution  theorem  prover  by  Stickel  [82]  employs  a 
connection  graph  strategy. 


5.  THE  RELATION  REPLACEMENT  RULE 

We  now  begin  to  extend  our  nonclausal  deduction  system  to  give  special  treatment  to  a  binary  relation 
*4.  The  two  new  rules  of  the  extension  allow  us  to  build  into  the  system  instances  of  the  polarity  replace¬ 
ment  proposition,  just  as  the  paramodulation  and  E-resolution  rules  allow  us  to  build  in  instances  of  the 
substitutivity  of  equality. 

Recall  that,  according  to  the  polarity  replacement  proposition,  for  any  sentence  P  (x+ ,  y~ )  and  binary 
relation  -4,  the  sentence 

»/  x  -4  y 

then  if  P(x+,  y~)  then  P (y+ ,  x~ ) 

is  valid. 

If  we  could  add  this  sentence  to  our  deduced  set  for  each  relevant  sentence  P (x+ ,  y~),  we  could  achieve  a 
considerable  abbreviation  of  the  proof,  at  the  cost  of  a  dramatic  explosion  of  the  search  space.  The  extended 
system  will  behave  as  if  the  sentences  were  present,  achieving  the  same  abbreviation  of  the  proof  and,  at  the 
same  time,  collapsing  rather  than  exploding  the  search  space. 

We  begin  with  the  relation  replacement  rule,  which  is  our  generalization  of  the  paramodulation  rule. 


THE  GROUND  VERSION 

With  respect  to  a  given  relation  -4,  the  rule  allows  us  to  replace  subexpression  occurrences  with  larger  or 
smaller  expressions,  depending  on  their  polarity.  The  ground  version  of  the  rule  which  applies  to  sentences 
with  no  variables,  is  as  follows: 

Rule  (relation  replacement,  ground  version) 

For  any  binary  relation  -4,  ground  expressions  s  and  t,  and  ground  sentences  7\s  -4  tj  and  £{s+ ,  t~), 
we  have 

J\s  -4  t } 

n 

T\ false]  or  £(t+,  s~). 

Here  Q(t+ ,  s~)  is  obtained  from  ^(s+,  t~)  by  replacing  certain  positive  occurrences  of  s  with  t 
and  replacing  certain  negative  occurrences  of  t  with  s,  where  polarity  is  taken  in  £(s+,  t~)  with 
respect  to  -4.  ^ 

In  other  words,  if  J\s  t\  and  G(s^  ,  t~)  are  sentences  in  our  deduced  set,  we  can  add  to  the  set  the  sentence 
( 7{false ]  or  Q{t+  ,  s-)). 

For  a  particular  relation  -4,  we  shall  refer  to  this  rule  as  the  -^-replacement  rule:  thus,  ve  have  a  <- 
replacement  rule,  a  <-replacement  rule,  and  so  forth.  Although  the  rule  allows  us  to  replace  occurrences  in 


32 


5.  Thu  Relation  Replacement  Rule 


$(s+ ,  t~)  of  both  expressions  s  and  t  at  the  same  time,  it  is  typically  applied  to  replace  occurrences  of  one  or 
the  other  expression,  but  not  both.  Subsequent  application  of  transformation  rules,  to  remove  occurrences 
of  the  truth  symbols  true  and  false,  may  be  regarded  as  part  of  the  relation  replacement  rule  itself. 

There  is  a  polarity  strategy  for  the  relation  replacement  rule,  which  allows  us  to  apply  the  rule  only  if 
some  occurrence  of  s  -*  t  is  positive  (or  of  no  polarity)  in  7\s  -t  tj. 

Naturally  we  may  also  require  that  some  occurrence  of  s  or  t  is  actually  replaced;  otherwise,  £(t+,  s~) 
is  identical  to  ${s+ ,  t~),  and  the  sentence  we  obtain  is  (7{false I  or  §(s+,  t~))\  this  is  weaker  than  the 
sentence  $(s+ ,  t~),  which  was  already  in  the  deduced  set. 

In  illustrating  the  rule  we  draw  boxes  around  the  matching  occurrences  of  s  and  t. 


Example 

In  the  theory  of  the  nonnegative  integers,  suppose  our  deduced  set  contains  the  sentences 

-  */  P(a) 


then  (|  s  |  <  t)" 


9:  »<|Z]2 

Note  that  the  boxed  occurrence  of  s  in  $  is  positive  with  respect  to  the  less-than  relation  <.  Therefore  we 
can  apply  the  <-replacement  rule  to  replace  the  occurrence  of  s  in  p  with  t,  to  deduce 


then  false 


or  s  <  t2 , 


which  reduces  under  transformation  to 
(not  p(s))  or  s  <  t2 . 

The  above  application  of  the  rule  is  in  accordance  with  the  polarity  strategy,  because  the  occurrence  of 
3  <  t  is  positive  in  7 .  Note  that  not  every  occurrence  of  s  in  §  was  replaced  in  applying  the  rule. 

In  a  system  without  the  relation  replacement  rule,  we  could  have  deduced  the  same  conclusion  by 
applying  the  resolution  rule  in  sequence  to  7 ,  the  monotonicity  property 

xf  x  <  y 
then  x2  <  y2 , 

and  the  transitivity  property 

if  i  <  y 
then  if  y  <  z 

then  x  <  z. 

The  rule  allows  us  to  draw  the  conclusion  even  if  the  monotonicity  and  transitivity  properties  are  not  in  our 
deduced  set. 


The  following  illustration  of  the  rule  is  extracted  from  the  derivation  of  a  program  to  find  the  maximum 
element  of  a  list  of  numbers. 


5.  The  Relation  Replacement  Rule 


33 


Example 

In  a  theory  of  lists  of  numbers  (integers,  say),  suppose  our  deduced  set  contains  the  sentences 

*/  g(™)  =  h 

then  not  (m  <  [T])  + 

«  =  [  1 

and 

Uf  g(h)  e  t 

^  '  no  then  g(h.)  <  j  h  |~ 

Note  that  the  boxed  occurrence  of  h  in  Q  is  negative  with  respect  to  <.  Therefore  we  can  apply  the 
<-replacement  rule  to  replace  the  occurrence  of  h  in  §  with  m,  to  deduce 

».<  [;{ glm] ' 
then  not  false 

or 

*  =  [  I 

or 

nnt  Uf  9(h)  €  t 

n°  [then  g(h )  <  m) 

This  sentence  reduces  under  true- false  transformation  to 

t  =  (] 

or 

not  ^  9 M  6  1 

[tAen  g[h)  <  m 

The  above  application  of  the  rule  is  in  accordance  with  the  polarity  strategy,  because  the  subsentence 
m  <  h  is  positive  in  J .  ^ 

Let  us  now  establish  the  soundness  of  the  rule. 


Justification  (relation  replacement,  ground  version) 

We  show  that  the  given  sentences  J\s  -4  t]  and  $(s+,  t~)  imply  the  conclusion  ( I[false ]  or  $(t+,  s~}). 
We  distinguish  between  two  cases  and  show  that  in  each  case  one  of  the  two  disjuncts,  7{false\  or  ${t  + ,  s~), 
is  true. 

In  the  case  in  which  the  subsentence  s  -4  t  is  false,  we  know  (by  the  value  property,  because  s  -4  t  and 
false  have  the  same  truth  value  and  /[a  -4  t]  is  true)  that  the  first  of  the  disjuncts,  T[false\,  is  true. 

In  the  case  in  which  a  -4  t  is  true,  we  know  (by  the  polarity  replacement  proposition,  because  £{s+,  t~ ) 
is  true)  that  the  second  of  the  disjuncts,  £(f+ ,  s~),  is  true. 

As  with  the  resolution  rule,  we  have  established  the  soundness  of  the  ground  version  of  the  relation 
replacement  rule  when  applied  to  sentences  with  no  variables.  We  will  actually  apply  the  ground  version  of 
the  rule  to  sentences  with  variables.  The  above  justification  does  not  extend  to  this  case,  however,  because 
the  value  property  only  holds  for  ground  sentences.  Such  applications  are  an  instance  of  the  following  general 
version  of  the  rule. 


34 


5.  The  Relation  Replacement  Rule 


THE  GENERAL  VERSION 

We  are  now  ready  to  give  the  general  version  of  the  rule,  which  applies  to  sentences  with  variables  and 
allows  us  to  instantiate  the  variables  as  necessary  to  create  common  subexpressions. 

Rule  (relation  replacement,  general  version) 

For  any  binary  relation  -4,  expressions  s,  t,  s',  and  t,  and  sentences  7\s  -4  t]  and  $(s+ ,  t~),  where 
7  and  §  are  standardized  apart,  we  have 

7[s  -4  t] 

78[false\  or  §8(t8+,sd~) 

where  8  is  a  simultaneous,  most-general  unifier  of  s,7  and  of  t,t. 

More  precisely, 

•  7  has  one  or  more  subsentences  s  -4  t,  Si  -4  tlf  $2  -4  t2,  .  . . . 

•  $  has  one  or  more  subexpressions  s,  Sx,S2,  •  •  •  and  t,  ti,t2,  .... 

•  6  is  a  simultaneous  most-general  unifier  of  s,  si,  S2,  .  .  . ,  s',  si,  s2,  •  •  •  and  of  t,  £i,  t2,  •  •  •  , 
t,  1 1 ,  t2,  .  .  .  ;  hence 

s9  =  =■  32$  =  •  •  •  =  78  =  Sj 8  —  328  ~  . . . 

and 

td  =  tx8  =  t2S  =  ...  =  td  =  tid  =  t?8  =  _ 

•  The  conclusion  of  the  rule  is  obtained  by  replacing  all  occurrences  of  (s  -4  t)8  in  78  with 
false,  replacing  certain  positive  occurrences  of  s8  in  §9  with  td ,  replacing  certain  negative 
occurrences  of  td  in  C/8  with  sd,  and  taking  the  disjunction  of  the  two  results.  Here  polarity 
is  in  Cj 8  with  respect  to  - 4 . 

In  other  words,  we  apply  the  ground  version  of  the  rule  to  78  and  § 8 .  ^ 

The  justification  of  the  general  version  of  the  rule,  which  we  omit,  is  straightforward  now  that  the 
soundness  of  the  ground  version  has  been  established.  The  proof  is  analogous  to  the  proof  of  the  general 
version  of  the  resolution  rule.  The  polarity  strategy  for  this  rule  allows  us  to  assume  that  at  least  one 
occurrence  of  th»-  subsentence  (s  -*  t}9  is  positive  or  of  no  polarity  in  78. 

Example 

In  the  theory  of  sets,  suppose  our  deduced  set  contains  the  sentences 

7  >/  p[x) _ 

then  (t  h{x7aT'  C  [T"])*  or  ( j~hffc,  y)  \  C  [~x~[ ) 

and 

d  :  (.-  fr  h{u,  a)  |  +  ~  v)  or  q(u,  v), 


where  ~  is  the  set  difference  function. 


5.  The  Relation  Replacement  Rule 


35 


Note  that 

•  7  contains  the  (positive]  subsentences  h(x,  a)  C  b  and  h(b,  y)  C  x. 

•  The  boxed  subterms  h(x,  a),  h[b,  y),  and  h(u,a)  and  the  boxed  subterms  6  and  x  are 
simultaneously  unifiable,  with  most-general  unifier 

6  :  {x  *—  b,  u  *—  b,  y  <—  a}. 

•  The  boxed  occurrence  of  h(u,a)  is  positive  in  §  with  respect  to  C. 

Therefore  we  can  apply  the  C-replacement  rule,  replacing  all  occurrences  of  h(b,  a)  C  b  in  79  with  false, 
replacing  the  occurrence  of  h(b,a)  in  £ 6  with  b,  and  taking  the  disjunction  of  the  results,  to  obtain 

»/  P{b) 

then  false  or  false 
or 

(c  €  b  ~  v)  or  q{b,  u). 

This  sentence  reduces  under  transformation  to 
[not  p(b))  or  [c  €  b  ~  i>)  or  q[b,v). 

The  above  application  of  the  rule  is  in  accordance  with  the  polarity  strategy. 

Use  of  the  relation  replacement  rule  allows  a  dramatic  abbreviation  of  many  proofs.  For  this  reason 
and  because  the  rule  enables  us  to  eliminate  troublesome  axioms  from  the  deduced  set,  the  search  space 
is  constricted.  We  have  not  established  completeness  results  for  the  rule;  judging  from  the  corresponding 
theorem  for  paxamodulation  (Brand  I75]),  we  expect  such  results  to  be  difficult. 


SPECIAL  CASE:  THE  EQUALITY  REPLACEMENT  RULE 

The  most  important  instance  of  the  relation  replacement  rule  is  obtained  by  taking  the  relation  -*  to 
be  the  equality  relation  — .  This  special  case  of  the  rule,  which  allows  us  to  replace  equals  with  equils,  is  a 
nonclausal  version  of  the  paramodulation  rule.  It  may  be  expressed  as  follows: 


Rule  (equality  replacement) 

For  any  terms  s,  t,  7,  and  t,  and  sentences  7\s  =  t]  and  p(s,  t),  where  7  and  Q  are  standardized 
apart,  we  have 

7[*  =  t\ 

5  ft 

79\falsc\  or  Q9{t9,s9) 

where  9  is  a  simultaneous,  most-general  unifier  of  s,  7  and  of  t,  t. 


The  notation  is  analogous  to  that  for  the  general  relation-replacement  rule.  We  do  not  need  to  restrict 
the  polarity  of  the  replaced  subterms  s9  and  td  in  Q9,  because  any  term  has  both  polarities  with  respect  to 
the  equality  relation.  The  polarity  strategy  is  the  same  as  before. 

The  following  illustration  of  the  equality  replacement  rule  is  extracted  from  the  derivation  of  an  integer 
quotient  program. 


36 


5.  The  Relation  Replacement  Rule 


Example 

In  the  theory  of  the  nonnegative  integers,  suppose  our  deduced  set  contains  the  sentences 

7:  (|  O  u  |  =  0)  + 

and 

£  :  not  (  z-d  <n  and  (z -(- l)  •  d  >  n). 

(In  the  derivation,  7  is  an  axiom  and  £  is  deduced  from  the  negation  of  the  theorem.) 

Note  that 

•  7  contains  the  (positive)  subsentence  0  ■  it  =  0. 

•  The  boxed  subterms  0  •  u  and  z  ■  d  are  unifiable,  with  most-general  unifier 

6  :  (z  * —  0,  u  ♦ —  d}. 

Therefore  we  can  apply  the  —replacement  rule,  replacing  all  occurrences  of  0  ■  d  =  0  in  with  false, 
replacing  the  occurrence  of  0  ■  d  in  £0  with  0,  and  taking  the  disjunction  of  the  results,  to  deduce 

false 

or 

not  (0  <  n  and  (0  +  1)  •  d  >  n) . 

This  sentence  reduces  under  true-false  transformation  to 
not  (O  <  n  and  (0  +  1)  d  >  n) .  ^ 


SPECIAL  CASE:  THE  EQUIVALENCE  REPLACEMENT  RULE 

Another  important  instance  of  the  relation  replacement  rule  is  obtained  by  taking  the  relation  -«  to  be 
the  equivalence  connective  =  .  This  is  possible  only  because  we  regard  connectives  as  relations  over  truth 
values.  The  rule  is  analogous  to  the  equality  replacement  rule. 

Rule  (equivalence  replacement  rule) 

For  any  sentences  5,7,?,  7,  7\S  =  7],  and  £{5,  7),  where  7  and  Q  are  standardized  apart,  we  have 

7[5eeT] 

9<2,f) 

76\false)  or  £0(70,50) 

where  0  is  a  simultaneous,  most-general  unifier  of  5,  ?  and  of  7,  7. 

As  in  the  equality  replacement  rule,  we  do  not  need  to  restrict  the  polarities  of  the  replaced  subsentences 
50  and  70  in  £0,  because  any  subsentence  has  both  polarities  with  respect  to  the  equivalence  relation.  The 
polarity  strategy  is  the  same  as  for  the  general  relation-replacement  rule. 

The  following  illustration  of  the  equivalence  replacement  rule  (or  ^-replacement  rule)  is  drawn  from  the 
derivation  of  a  program  to  find  the  maximum  of  a  list  of  numbers  (e.g.,  integers  or  reals). 


6.  The  Relation- Matching  Rule 


37 


Example 

In  the  theory  of  lists  of  (say)  integers,  suppose  our  deduced  set  contains  the  sentences 
if  not  (x  =  {  }) 

=  [u  =  h  or  u  £  t]j 


/: 


then 


u  €  x 


and 


z  £  a  and 


if  g{z)  £  a 


[t/ien  z  >  g(z) J 

(In  the  derivation,  ?  is  an  axiom  and  £  is  deduced  from  the  negation  of  the  theorem.) 

Note  that  the  boxed  subsentences  u  £  x  and  g(z)  £  a  are  unifiable,  with  most-general  unifier 
6  :  { u  ♦  g(z),  X  —  a}. 

Therefore  we  can  apply  the  =-replacement  rule,  replacing  the  occurrence  of  g(z )  €  3  in  Q8  with 
g{z)  =  i.  or  g(z )  6  t, 

to  deduce 

\if  not  (a  =  {  })' 
then  false 
or 

z  6  a  and 

not  |  |  if  \g[z)  =  h  or  p(z)  £  t] 
then  z  >  g[z) 


This  sentence  reduces  under  transformation  to 


S  =  {} 


or 


z  £  a  and 

not 

'f  [sM  =h  or  g(z)  £  t] 

then  z  >  g(z) 

6.  THE  RELATION-MATCHING  RULE 


We  are  about  to  introduce  not  a  rule  in  itself  but  an  augmentation  of  the  other  rules.  The  resolution  and 
relation  replacement  rules  draw  a  conclusion  when  one  subexpression  in  our  proof  unifies  with  another.  The 
relation-matching  augmentation  allows  these  rules  to  apply  even  if  the  two  expressions  fail  to  unify,  provided 
that  certain  conditions  can  be  introduced  into  the  conclusion.  We  begin  by  describing  the  augmentation  of 
the  resolution  rule. 


RESOLUTION  WITH  RELATION  MATCHING:  GROUND  VERSION 


This  rule  is  our  generalization  of  the  E-resolution  rule.  The  ground  version  of  the  rule  is  as  follows: 


38 


6.  The  Relation- Matching  Rule 


r' 


I 

& 


Rule  (resolution  with  relation  matching,  ground  version) 

For  any  binary  relation  -4,  ground  expressions  a  and  t,  and  ground  sentences  P(a+,  t+,  a~ ,  t~), 
7[P(s+ ,  s+ ,  t~,  t-)],  and  p[P(t+,  t+ ,  s~ ,  a-)]  we  have 

?[P(*+,  *+,  t~,  t~)] 

9[P{t+,  t+,  s~, »-)] 
if  a  ^  t 

then  7\false j  or  Q\true\ 


•  P(s+,  t+ ,  s  ,  t  )  is  an  arbitrary  sentence,  called  the  intermediate  sentence,  which  may 
have  positive  and  negative  occurrences  of  s  and  t;  polarity  is  taken  with  respect  to  -4. 

•  The  sentence  7  may  have  several  distinct  subsentences  P(s+,  a+ ,  t~ ,  t~),  each  obtained 
from  the  intermediate  sentence  P(a+,  t+,  s~ ,  t~)  by  replacing  certain  of  the  positive 
occurrences  of  t  with  a  and  certain  of  the  negative  occurrences  of  a  with  t. 

•  Similarly,  9  may  have  several  distinct  subsentences  P(t+ ,  t+,  s~ ,  s~),  each  obtained  from 
the  intermediate  sentence  by  replacing  certain  of  the  positive  occurrences  of  a  with  t  and 
certain  of  the  negative  occurrences  of  t  with  a. 

For  a  particular  relation  -4,  we  shall  refer  to  the  above  as  the  resolution  rule  with  -(-matching. 

Note  that  if  all  the  subsentences  P(a+,  a+ ,  t~,  t~)  and  P{t+,  t+,  a~ ,  a~)  were  identical,  we  could 
apply  the  original  resolution  rule,  obtaining  the  conclusion  (7[false\  or  9{true}).  The  augmented  rule  allows 
us  to  derive  the  same  conclusion  rule  even  if  the  subsentences  P  do  not  match  exactly,  provided  that  the 
mismatches  occur  between  terms  s  and  f  of  restricted  polarity  and  that  the  condition  a  -4t  is  introduced. 

The  polarity  strategy  allows  us  to  apply  the  rule  only  if  an  occurrence  of  one  of  the  sentences  P  (a+ ,  s+  ,t~  ,t~) 
is  positive  or  of  no  polarity  in  7  and  if  an  occurrence  of  one  of  the  sentences  P (t+ ,  t+,  a~ ,  a~)  is  negative 
or  of  no  polarity  in  9 ■ 

Note  that  the  intermediate  sentence  P (s+ ,  t+,  a~ ,  t~)  does  not  necessarily  appear  in  either  of  the 
sentences  of  the  deduced  set  and  that  the  rule  does  not  stipulate  how  to  find  such  a  sentence.  We  shall 
discuss  the  choice  of  the  intermediate  sentence  in  the  subsection  Selection  of  Application  Parameters. 

Example 

In  the  theory  of  lists,  suppose  that  our  deduced  set  includes  the  sentences 
7  ■■  p(£)  or  rT"e_(taiZ(£))^']+ 


9  :  if  c€  i+  then  q(l). 

The  two  boxed  subsentences  are  not  identical.  Let  us  take  our  intermediate  sentence  to  be  one  of  them, 
P  :  c  6  tail(t).  The  subterm  a+  :  tail(l)  is  positive  in  c  £  tail(i)  with  respect  to  the  proper-sublist  relation 
The  other  boxed  subsentence  c  6  t  can  be  obtained  by  replacing  this  subterm  with  t+  :  t.  Therefore 
we  can  apply  the  resolution  rule  with  Xj,, (-matching  v,o  obtain 

if  tail(i)  <u,t  t 
then  p(l)  or  false 
or 

if  true  then  q(t), 


vs&Y'&y&w- 


6.  The  Relation- Matching  Rule 


39 


which  reduces  under  transformation  to 

if  tail(t)  <n,t  t 
then  p(l)  or  q(i). 


We  shall  give  some  more  complex  examples  of  the  application  of  the  rule  after  we  establish  its  soundness. 


Justification  (resolution  with  relation  matching,  ground  version) 

Note  that  (by  the  invertibility  of  partial  replacement)  the  intermediate  sentence  P  (s+ ,  t+ ,  s~ ,  t~)  can 
be  obtained  from  any  of  the  subsentences  P (s+ ,  s+,  t~ ,  t~)  of  7  by  replacing  certain  positive  occurrences 
of  s  with  t  and  certain  negative  occurrences  of  t  with  s,  where  polarity  is  taken  in  P  with  respect  to 
Therefore  (by  the  polarity  replacement  proposition)  each  of  the  sentences 

if  s  t 

(f)  then  if  P(s+,  s+,  t~,  t~) 

then  P(s+ ,  t+ ,  s~  ,  t~ ) 

is  valid. 

Also  any  of  the  subsentences  P  (t+ ,  t+ ,  s~ ,  3~)  of  Q  can  be  obtained  from  the  intermediate  sentence 
P(s+ ,  t+,  s~ ,  t~)  by  replacing  certain  positive  occurrences  of  s  with  t  and  certain  negative  occurrences  of 
t  with  3.  Therefore  (by  the  polarity  replacement  proposition  again)  each  of  the  sentences 

t  J  a  t 

(t)  then  if  P(s+,  t+ ,  3 ~,  t~) 

then  P{t+,  t+ ,  s',  s~) 

is  valid. 

Suppose  that  the  sentences  7\P{s+,  s+,  t~ ,  t-)]  and  £[,P(t+,  t+ ,  3~ ,  s~)]  are  true  and  that  s  ^  t. 
We  would  like  to  show  that  then  [7\false\  or  Q\true\)  is  true.  The  proof  distinguishes  between  two  cases, 
depending  on  whether  the  intermediate  sentence  P (s+ ,  t+ ,  3~ ,  f-)  is  false  or  true.  We  show  that  in  each 
case  one  of  the  two  disjuncts,  7\false]  or  ^[true],  is  true. 

Case :  P (s+ ,  t+ ,  s',  t~)  is  false 

Then  by  our  previous  conclusion  (f),  because  s  ^  t,  we  know  each  of  the  subsentences  P(s+ ,  s+,  t~ ,  t~) 
of  7  is  false.  Because  7\P{s+ ,  s+,  t~ ,  t~ )]  is  true  and  because  the  subsentences  P (s+ ,  s+,  t~ ,  t~)  and 
false  all  have  the  same  truth  value,  we  know  (by  the  value  property)  that  the  first  disjunct,  7\false\,  is  true. 

Case :  P (s  + ,  t+,  s_,  t~)  is  true 

Then  by  our  previous  conclusion  ({),  because  s  ^  t,  we  know  each  of  the  sentences  P (t  + ,  t+,  s',  s') 
is  true.  Because  P[^(t+,  t+,  s',  s')]  is  true  and  because  P(t+,  t+,  s_,  s_)  and  true  have  the  same  truth 
value,  we  know  (by  the  value  property  again)  that  the  second  disjunct,  Q\true\,  is  true. 


The  resolution  rule  with  relation  matching  must  be  regulated  with  strict  heuristic  controls;  if  the  controls 
are  too  permissive,  any  two  subsentences  may  be  matched. 

The  following  example  is  a  bit  contrived  but  illustrates  some  of  the  power  of  the  rule. 


40 


6.  The  Relation- Matching  Rule 


Example 


In  the  theory  of  sets,  suppose  our  deduced  set  includes  the  two  sentences 


e  e  ((s+  ~  a)  U  (6  ~  t~)  U  (t+  ~  c)  U  (d  ~  t-)) 

+ 

or 

e  €  ((s+  ~  a)  U  (b  ~  s~)  U  ( a+  ~  c)  U  (d  ~  i-)) 

and 


e  6  ((£+  ~  a)  U  (6  ~  s")  U  (t+  ~  c)  U  (d  ~  t~)) 

- 

$  :  not 

and 

e  e  ((s+  ~  a)  U  (b  ~  s~)  U  (t+  ~  c)  U  (d  ~  s~)) 

Let  us  take  our  intermediate  sentence  to  be 

P  :  e€  ((s+  ~  a)  U  (6  ~  s")  U  (t+  ~  c)  U  (d  ~  t~)). 

The  occurrences  of  s  and  t  have  been  annotated  with  their  polarities  in  P  with  respect  to  the  proper-subset 
relation  C.  Note  that  each  of  the  boxed  sentences  in  7  may  be  obtained  from  P  by  replacing  certain  of  the 
positive  occurrences  of  t  with  a  and  certain  of  the  negative  occurrences  of  a  with  t.  Abo,  each  of  the  boxed 
subsentences  of  Q  may  be  obtained  from  P  by  replacing  certain  of  the  positive  occurrences  of  a  with  t  and 
certain  of  the  negative  occurrences  of  t  with  a.  Therefore  we  can  apply  the  resolution  rule  with  C-matching 
to  obtain 


if  a  C  t 

then  falae  or  false 
or 

not  (true  and  true), 

which  reduces  under  transformation  to  the  sentence 
not  (s  C  t).  ^ 


Note  that  this  conclusion,  obtained  by  a  single  application  of  the  rule,  b  not  immediately  evident  to  the 
human  reader. 


SPECIAL  CASE:  RESOLUTION  WITH  EQUALITY  MATCHING 


In  the  case  in  which  the  relation  -«  is  taken  to  be  the  equality  relation  =,  the  resolution  rule  with 
relation  matching  reduces  to  a  nonclausal  variant  of  the  E-resolution  rule.  It  may  be  expressed  (in  the 
ground  version)  as  follows: 

Rule  (resolution  with  equality  matching) 

For  any  terms  3  and  t  and  sentences  P (a,t,  s,t),  7[P(a,s,t,t,)],  and  Q  [P(t,  t,  a,  .•)] ,  we  have 

7[P(a,a,t,t)] 

5[P(t,t,a,a)) 

if  a  =  t 

then  7\falae ]  or  Q\true\. 


6.  The  Relation- Matching  Rule 


41 


I 


i 

iT- 

i 

i 

V 


Here  P(a,  a,  t,  t)  and  P(t,  t,  a,  a)  are  obtained  from  P(a,  t,  a,  t)  by  replacing  certain  occurrences  of  a  with  t  and 
certain  occurrences  of  t  with  a.  In  other  words,  all  the  subsentences  P(s,a,t,t)  and  P(t,t,s,a)  a re  identical 
except  that  one  may  have  occurrences  of  a  where  another  has  occurrences  of  t.  We  do  not  need  to  restrict 
the  polarities,  because  every  subterm  of  a  sentence  is  both  positive  and  negative  with  respect  to  the  equality 
relation. 


MULTIPLE  MISMATCHED  SUBSENTENCES 

The  resolution  rule  with  relation  matching  can  be  extended  to  allow  several  corresponding  pairs  of 
subexpressions  ai,ti,s2,t2,  •••  and  sn,tn  rather  than  a  single  pair  a,t,  and  several  binary  relations 
,  . . . ,  and  rather  than  a  single  binary  relation  To  write  the  extended  rule  succinctly,  we  abbreviate 
Si,  s2,  .  . .  ,an  as  a,  tJf  t2,  .  . . ,  tn  as  t,  -<!,  -<2,  . . . ,  and  as  A,  and 

si  ^1  ti  and  s2  ^2  t2  and  . . .  and  s„  tn  as  s  A  t. 

Then  for  any  binary  relations  •-(,  expressions  i  and  t,  and  sentences  P(S+  ,t+,S~ ,t~),  7[P($+ ,  s+,  t~ ,  £“)], 
and  § \P (t+ ,  t+ ,  3~  ,  S~ )] ,  we  have 

/[P(i+,l+,t-,t->] 

if  s  ^  t 

then  J[falae\  or  §\true\. 

The  extended  rule  is  easily  justified,  given  the  soundness  of  the  original  rule. 


RESOLUTION  WITH  RELATION  MATCHING:  GENERAL  VERSION 

The  general  version  of  the  rule  allows  us  to  instantiate  the  variables  of  the  given  sentences  as  necessary 
and  then  to  apply  the  ground  version.  The  precise  statement,  which  we  omit,  is  analogous  to  the  precise 
statement  of  the  general  version  of  the  resolution  rule.  We  illustrate  the  application  of  the  general  rule  with 
an  example. 

Example 

Suppose  our  deduced  set  contains  the  sentences 

„  if  ?(«) 


then 


p(u+,u+) 


and 


not 


p(t+,m+) 


Here  the  annotations  of  the  subterms  within  the  boxed  subsentences  indicate  their  polarity  in  these  subsen¬ 
tences  with  respect  to  a  binary  relation 

The  substitution  6  :  {u  *—  £}  fails  to  unify  the  boxed  subsentences  of  J  and  the  results  of  applying  6 
to  these  subsentences  are  the  sentences  p(£+,£+)  and  p(£+,  /(£)  +  ),  respectively.  Note  that  the  mismatched 
occurrences  of  £  and  /(£)  are  positive  in  these  sentences  with  respect  to 


ah  -*'1  kk!.  : 


42 


6.  The  Relation- Matching  Rule 


To  apply  the  ground  version  of  the  rule  to  79  and  g9,  let  us  take  the  intermediate  sentence  to  be 
p(f+,f+).  We  obtain 

«/ 1  m 

then  ’■{  or  ( not  true), 

then  false  '  ' 

which  reduces  under  true-false  transformation  to 

«/  t  *  f[t) 

then  notq(t). 


SELECTION  OF  APPLICATION  PARAMETERS 

For  each  application  of  the  resolution  rule  with  relation  matching,  we  must  select  the  application  pa¬ 
rameters,  i.e.,  the  substitution  6,  the  intermediate  sentence  P,  and  the  subexpressions  a  and  t.  In  fact,  a 
satisfactory  choice  of  application  parameters  is  not  straightforward:  it  depends  on  what  other  sentences  are 
in  the  deductive  set.  Some  considerations  influencing  the  decision  are  illustrated  in  the  next  few  sections. 

Choice  of  Substitution 

The  substitution  9  and  the  intermediate  sentence  P  for  applying  the  rule  are  not  necessarily  unique. 

In  the  example  above,  consider  again  the  boxed  subsentences  p(u+,u+)  and  p(l+ ,  /(f)+)  of  7  and  g. 
Instead  of  the  substitution  9  :  {u  <-  £},  consider  the  substitution  9'  :  (u  <—  /(f)}.  This  substitution  also 
fails  to  unify  the  boxed  subsentences;  the  results  of  applying  9'  to  the  boxed  subsentences  are  the  sentences 
p(/(^)+>  fW  +  )  and  p(f+>/(f)+)>  respectively.  Note  that  the  mismatched  occurrences  of  /(f)  and  f  are 
positive  in  these  sentences  with  respect  to 

To  apply  the  ground  version  of  the  rule  to  79'  and  g9',  let  us  take  the  intermediate  sentence  to  be 
p(/(^)+i  /(f)+)-  We  obtain 

«/  /(f)  d  f 

then  *■{  or  (not  true), 

then  false 

which  reduces  under  true-false  transformation  to 

if  /(f)  1  f 

then  notq(i). 

This  is  not  equivalent  to  the  sentence  we  obtained  by  applying  the  rule  with  the  substitution  9, 

H  t  <  f(t) 

then  notq(l). 

In  other  words,  we  must  consider  both  ways  of  applying  the  rule. 

To  Unify  or  Not  to  Unify 

In  previous  examples,  we  have  applied  the  resolution  rule  with  relation  matching  only  when  it  is  illegal 
to  apply  the  ordinary  resolution  rule  because  the  matched  subsentences  fail  to  unify.  In  some  cases,  however, 
we  must  use  relation  matching  to  obtain  a  refutation  even  though  the  matched  subsentences  do  unify  and 
the  resolution  rule  could  be  applied. 


6.  The  Relation- Matching  Rule 


43 


S 


For  example,  suppose  our  deduced  set  consists  of  the  sentences 

1.  p(x+)  or  <j(x+) 

2.  not  p(a+)  ~ 

3.  not  q(b+) 

4.  c  ^  a 

5.  c  -<b, 

where  x  is  positive  in  the  boxed  subsentence  p(x)  and  in  the  subsentence  q(x)  with  respect  to  the  relation 
as  indicated  by  its  annotation. 

It  is  legal  to  apply  the  ordinary  resolution  rule  to  the  first  two  sentences,  taking  the  unifier  to  be 
{x  <—  a},  to  deduce  (after  transformation) 


However,  this  sentence  is  of  no  use  in  a  refutation. 

If  instead  we  apply  the  resolution  rule  with  -^-matching  to  the  same  boxed  subsentences,  taking  the 
unifier  to  be  the  empty  substitution  {  },  we  obtain  (after  transformation) 

6.  if  x  -<  a  then  g(x+)  +. 

We  can  then  apply  the  resolution  rule  to  sentences  6  and  3,  taking  the  unifier  to  be  the  empty  substitution 
{  },  to  obtain  (after  transformation) 

7.  if  x  ^  b  then  not  (x  a). 

We  finally  obtain  a  refutation  by  applying  the  resolution  rule  to  this  sentence  and  the  last  two  sentences  in 
turn;  the  unifier  is  {x  <—  c}. 

In  applying  the  ordinary  resolution  rule,  we  committed  x  to  be  a;  this  turned  out  to  be  a  mistake.  In 
applying  the  resolution  rule  with  -^-matching  instead,  we  left  x  free  to  be  any  element  such  that  x  r*  <*;  in 
particular,  we  could  then  take  x  to  be  c. 

Choice  of  Mismatched  Subexpressions 

In  the  examples  of  resolution  with  relation  matching  we  have  seen,  we  have  always  taken  the  mismatched 
subexpressions  s  and  t  to  be  as  small  as  possible.  Sometimes  this  choice  costs  us  a  proof. 

For  instance,  suppose  our  deduced  set  consists  of  the  sentences 


2.  not  p(/(6)) 

3.  f(a)  =  f(b). 

If  we  apply  the  resolution  rule  with  equality  matching  to  the  first  two  sentences,  taking  s  to  be  a  and  t 
to  be  6,  we  obtain 

if  a  =  b 

then  false  or  not  true, 
which  reduces  under  transformation  to 
not  (a  =  b). 


tv 


44 


6.  The  Relation-Matching  Rule 


This  sentence  is  of  no  use  in  a  refutation. 

On  the  other  hand,  if  instead  we  apply  the  same  rule  taking  a  to  be  /(a)  and  t  to  be  /(b),  we  obtain 

if  /w  =  m 

then  false  or  not  true, 
which  reduces  under  transformation  to 
not(f(a)  =  /(b)). 

A  refutation  can  be  obtained  immediately  by  applying  the  resolution  rule  to  the  third  sentence  and  this  one. 

In  the  preceding  examples,  we  have  seen  that  in  applying  the  resolution  rule  with  relation  matching, 
the  choice  of  appropriate  application  parameters,  i.e.,  the  substitution  6,  the  intermediate  sentence  P  and 
the  mismatched  subexpressions  a  and  t,  are  not  unique  and  depend  on  the  other  sentences  in  the  deduced 
set.  Digncoh  [83]  provides  an  algorithm  to  generate  all  legal  sets  of  application  parameters.  This  algorithm 
is  Phrased  in  terms  of  his  variant  of  the  E-resolution  rule  but  extends  readily  to  the  general,  nonclausal 
case.  Digncoh  also  suggests  a  heuristic  viability  criterion  for  selecting  a  single  appropriate  set  of  application 
parameters,  this  criterion  appears  to  extend  to  the  general  case  as  well. 


REPLACEMENT  WITH  RELATION  MATCHING:  GROUND  VERSION 

We  have  shown  how  to  augment  the  resolution  rule  to  apply  even  if  the  matched  subsentences  are  not 
entirely  unified  by  the  substitution.  We  now  introduce  an  analogous  augmentation  of  the  relation  replacement 


Rule  (replacement  with  relation  matching,  ground  version) 

For  any  binary  relations  -<i  and  -^2,  ground  expressions  s,  t,  u(s+  ,t+ ,  s~  ,t~),  and  v(s+ ,t+ ,  s~  ,t~), 
and  ground  sentences  / ' 

7[u(s+,  S+,  t~,  t~)  -<!  v(s+,  a+,  t~,  f~>] 

and 


$(u(t  +  ,  t+,  a",  3~)  +  ,  V(t+,  *+,  S',  3-)-), 
we  have 

J[u(s+,  s+,  t~,  t~)  u(«+,  «+,  f-)] 

P(u(t+,  t+,  s~,  a-)  +  ,  v<t+,  t+,  a",  s')-) 
if  j  ( 

then  7\false ]  or  5{v(t+,  t+ ,  s',  j-)  +  ,  u(t+,  t+,  s',  s~)~) 

Here 


•  The  expressions  u{s+,  t+,  s',  t~)  and  v(.<+ ,  t+,  s',  t~)  are  arbitrary  expressions.  The 
sentence  u(s  ,  t  ,  s  ,  t  )  -*i  t'(s+,  t  +  ,  s  ,  t~)  is  called  the  intermediate  sentence. 


•  The  subsentences  u(s+,  s+,  t  ,  t~)  u(s+,  a+,  f,  t~ )  of  J  are  obtained  from  the 

intermediate  sentence  by  replacing  certain  positive  occurrences  of  t  with  s  and  certain 
negative  occurrences  of  s  with  t,  where  polarity  is  taken  in  the  intermediate  sentence  with 
respect  to 

•  The  subexpressions  u(t+,  £+,  s',  s')  and  u(t+,  t+,  s',  s~)  of  $  are  obtained  from 
u(s+,  t  +  ,  s  ,t  )  and  u(s+,  t+,  s',  t~),  respectively,  by  replacing  certain  occurrences  of  a 


6.  The  Relation- Matching  Rule 


45 


with  t  and  certain  occurrences  of  t  with  s,  where  again  polarity  is  taken  in  the  intermediate 
sentence  with  respect  to  -<2- 

•  The  subsentence  £(u(f+,  t+,  s~ ,  s')  +  ,  u(t+,  t+ ,  s',  s')')  of  the  conclusion  is  obtained 
from  g(u{t+,  t+,  s',  s')+,  t+ ,  s',  $“)“)  by  replacing  certain  positive  occur¬ 

rences  of  u(t+,  t+,  s',  s')  with  o(f+,  t+ ,  s',  s')  and  certain  negative  occurrences  of 
v(t+,  t+,  s',  s')  with  u(t+,  t+ ,  s',  s'),  where  the  polarity  of  u  and  v  is  taken  in  Q  with 
respect  to  -4\.. 


For  particular  binary  relations  -<x  and  -«2i  we  shall  call  this  the  -4 1- replacement  rule  with  -*2 -matching. 
Note  that  if  u(t+,  t+,  s',  s')  and  ti{t+,  t+ ,  s',  s")  were  identical  to  u(s+,  s+,  t~,  £')  and  v(s+ ,  s+,  t“,  t"), 
respectively,  we  could  apply  the  original  -<! -replacement  rule  without  -^-matching,  obtaining  the  conclusion 

7\false\  or  $(v(t+,  t+ ,  s',  s')  +  ,  u(t+,  f+,  s',  s')'). 

The  augmented  rule  allows  us  to  derive  the  same  conclusion,  even  if  the  subexpressions  do  not  match  exactly, 
provided  that  the  mismatches  occur  between  subexpressions  s  and  t  of  restricted  polarity  with  respect  to 
-<2  and  that  the  condition  s  t  is  added. 


Example 

In  a  theory  that  includes  the  lists  and  the  integers,  suppose  our  deduced  set  contains  the  sentences 


7  :  (  length{m  )  <  a)  or  p(m) 


and 


g  :  if  q{t)  then  (  length(£  )  +  >  b), 


where  £  and  m  are  lists  and  a  and  b  are  integers. 


The  two  boxed  subexpressions  are  not  identical,  so  we  cannot  apply  the  original  <-replacement  rule. 
To  apply  the  augmented  rule,  let  us  take  our  intermediate  sentence  to  be  length(t)  <  a.  With  respect  to  the 
proper  sublist  relation  the  subterm  s'  :  £  is  negative  in  the  intermediate  sentence  u  -<1  v  :  length[t)  <  a. 

From  this  sentence  we  can  obtain  the  subsentence  length(m)  <  a  of  7  by  replacing  the  1  egative  occurrence 
of  l  with  t~  :  m.  Therefore,  by  the  <-replacement  rule  with  -Cji^t-matching,  we  deduce 


t/  t  <u,t  m 
then  false  or  p(m) 
or 

if  7 (£)  then  a  >  6. 

Here  the  subsentence  a  >  b  of  r,he  conclusion  is  obtained  from  the  subsentence  length(£ )  >  b  of  g  by  replacing 
a  positive  occurrence  of  u+  :  length(i)  with  v+  :  6,  where  polarity  is  taken  in  g  with  respect  to  the  weak 
less-than  relation  <.  The  conclusion  reduces  under  transformation  *0 

if  t  <iltt  rn 
then  p(m)  or 

if  q{i)  then  a  >  b. 


Now  let  us  establish  the  soundness  of  the  rule. 


Justification  (replacement,  with  relation  matching,  ground  version) 

Note  that  (by  the  invertibility  of  partial  replacements),  the  intermediate  sentence  u(s  ,  t  )  -4j 

v(s  f  ,  t +  ,  s  ,  t~)  can  be  obtained  from  any  of  the  subsentences  u(s+  ,  s  +  ,  t  ” ,  t  “ )  -4 1  v(s  f  ,  s  1  .  t  ,  t  )  of 


46 


6.  The  Relation- Matching  Rule 


7  by  replacing  certain  positive  occurrences  of  a  with  t  and  certain  negative  occurrences  of  t  with  s,  where 
polarity  is  taken  in  the  subsentences  with  respect  to  -<2.  Therefore  (by  the  polarity  replacement  proposition), 
each  of  the  sentences 

if  s  t 

(t)  then  if  u(s+ ,  s+ ,  t~ ,  t~)  -<i  v(s+ ,  a+,  t~ ,  t~) 

then  u(s+,  t+,  a-,  t~)  -<!  u(a+,  t+ ,  s~ ,  t~) 

is  valid. 

Also  any  of  the  sentences  u(t+,  t+,  s~ ,  s~)  -*i  v(t+,  t+,  3~ ,  s~)  can  be  obtained  from  the  intermediate 
sentence  u(a+,  t+,  s~ ,  t~)  -<i  u(a+,  t+,  s~ ,  t~)  by  replacing  certain  positive  occurrences  of  a  with  t  and 
certain  negative  occurrences  of  t  with  a,  where  polarity  is  taken  in  the  intermediate  sentence  with  respect  to 
-<3.  Therefore  (by  the  polarity  replacement  proposition  again)  each  of  the  sentences 

if  s  t 

(t)  then  if  u(a+,  t+ ,  s',  t~)  -<i  v(s+ ,  t+ ,  a",  t~) 

then  u(t+,  t+ ,  a-,  s~)  -<i  v(t+ ,  t+ ,  s~ ,  s~) 

is  valid. 

Furthermore  the  subsentence  g(v(t+ ,  t+,  a-,  a_)+,  u(t+,  t+,  a-,  s~)~)  of  the  conclusion  can  be 
obtained  from  the  given  sentence  $(u.(t+,  t+ ,  s~ ,  s~)+,  v{t+ ,  t+ ,  s~ ,  s~)~)  of  the  deduced  set  by  replacing 
certain  positive  occurrences  of  u(t+,  t+ ,  a-,  s~)  with  v(t+ ,  t+,  a”,  a-)  and  certain  negative  occurrences  of 
v(t+ ,  t+ ,  s~ ,  s~)  with  u{t+ ,  t+,  3~,  s~),  where  polarity  is  taken  in  Q  with  respect  to  -*j.  Therefore  (by 
the  polarity  replacement  proposition  once  again)  each  of  the  sentences 

if  u{t  +  ,  t+,  3~ ,  3~)  -<!  v(t  +  ,  t+,  ,  S~) 

(It)  then  if  g(u{t+,  t+,  a~,  3~)  + ,  «(t+,  t+,  a",  a")) 

then  g(v{t+,  t+,  s~,  a-)  +  ,  u(t+,  t+ ,  a",  s~)~) 

is  valid. 

Suppose  that  the  ground  sentences 

7[u(a+,  a+,  t~,  t~)  -<i  v(a+,  a+,  t~ ,  t")]  and  £(u(t+,  t+ ,  a“,  s~)+,  v(t+ ,  t+ ,  a",  a")~) 

are  true  and  that  a  ^2  We  would  like  to  show  that  then 

T\false\  or  g(v(t+,  t+,  a-,  a")  +  ,  u(t+,  t+ ,  a",  s~)~) 

is  true.  The  proof  distinguishes  between  two  cases,  depending  on  whether  the  intermediate  sentence  is  false  or 
true.  We  show  that  in  each  case  one  of  the  two  disjuncts,  7\false ]  or  g(v(t+ ,  t+ ,  s~  ,  a~)+,  u(t+ ,  t+  ,s~  ,s~)~), 
is  true. 


Case:  u(a+,  t+,  a  ,  t  )  -<!  v(s+ ,  t+ ,  a  ,  t  )  is  false 

Then  by  our  previous  conclusion  (|),  because  a  ^2  t,  we  know  each  of  the  subsentences  u(a+ ,  a+,  t~ ,  t~)  -<i 
u(a+,  a+,  t~ ,  t~)  of  7  is  false.  Because  7[u(a+,  a+,  t~ ,  t~)  -*!  v(a+,  a+,  t~ ,  t-)]  is  true  and  because  the 
sentences  u(s  +  ,  a+,  t~ ,  t~)  -<i  u(a+,  a+,  t~ ,  t~)  and  false  all  have  the  same  truth  value,  we  know  (by  the 
value  property)  that  the  first  disjunct,  T\false],  is  true. 

Case:  u(a+,  t+,  s~  ,  t~)  u(a+ ,  t4,  a“,  t~ )  is  true 

Then  by  our  previous  conclusion  (1),  because  a  -*2  t,  we  know  each  of  the  sentences  u(t+,  t+,  a~,  a-)  -<i 
v(t+ ,  t+,  a-,  a-)  is  true.  Therefore  by  several  applications  of  our  previous  conclusion  (ft),  because 


g(u{t  +  ,  t  +  t  a",  s-)+,  v(t+,  t  +  ,  a",  a")-) 


6.  The  Relation- Matching  Rule 


47 


is  true,  we  know  that  the  second  disjunct, 

p(u(t+,  t+,  s-,  a-)+,  u(t+,  t+,  s',  s')~), 

is  true. 

In  each  case,  we  have  shown  that  the  desired  conclusion  is  true. 


REPLACEMENT  WITH  RELATION  MATCHING:  GENERAL  VERSION 

The  general  version  of  the  rule  allows  us  to  instantiate  the  variables  of  the  given  sentences  as  necessary 
and  then  to  apply  the  ground  version.  We  omit  the  precise  statement,  which  is  analogous  to  the  general 
version  of  the  relation  replacement  rule,  but  we  illustrate  the  general  version  with  an  example  extracted 
from  the  derivation  of  a  program  to  sort  a  list  of  numbers. 

Example 

In  a  theory  of  lists  of  (say)  integers,  suppose  our  deduced  set  contains  the  sentences 

=  perm[xi  Dt,,  yi  ny2)l 


and 

$  :  not  [ordered(z)  and 

Here  the  term  x\  o  x2  is  the  result  of  appending  the  lists  Xi  and  x2,  and  the  term  (u)  is  the  list  whose  sole 
element  is  u.  Also,  perm(£,  z)  holds  if  the  list  l  is  a  permutation  of  the  list  z,  and  ordered[z)  holds  if  the 
elements  of  z  are  in  (weakly)  increasing  order.  In  the  derivation,  7  is  one  of  the  axioms  for  the  permutation 
relation,  which  states  that  two  lists  are  permutations  if  they  are  still  permutations  after  dropping  a  common 
element,  and  §  is  the  negation  of  the  theorem,  which  states  the  existence  of  an  ordered  list  that  is  a 
permutation  of  a  given  list. 

The  results  of  applying  the  substitution 

8-  {z  —  i/i  °  ((«>  n  !/2)} 
to  the  boxed  subsentences  are 

perm({xl  □  ((u)  □  x2))+,  yi  a  ((u  )  a  y2)) 

and 

perm(f+  ,  1/1  a  ((u)  □  y2)). 

The  mismatched  subterms 

I[d((u)di2)  and  l 

are  positive  in  their  respective  subsentences  with  respect  to  the  perm  relation.  (Because  this  relation  is 
symmetric,  they  also  happen  to  be  negative.)  The  boxed  subsentence  perm(t,  z)  is  posi  tive  in  §  with  respect 
to  the  equivalence  relation  =.  (It  also  happens  to  be  negative.)  Therefore,  by  the  =-repIacement  rule  with 
perm-matching,  we  may  deduce  the  sentence 

if  perm( x,  □  ((«)  □  x2),  i) 
then  false 
or 

not  (ordered(yl  □  ((u)  a  y2))  and  perm(xj  □  x2,  yj  □  y2)) 


perm(i+ ,  x)|). 


perm(xj  a  ((u)  □  x2),  yi  a  ((u)  a  y2)) 


48 


6.  The  Relation- Matching  Rule 


which  reduces  under  transformation  to 
if  perm(xi  a  ((u)  □  x2),  t) 

then  not  (ordered(yi  a  [(u)  o  y2))  and  perm( Xi  □  X2,  t/i  °  t/2))  ■  j 


RELATION  MATCHING  VERSUS  RELATION  REPLACEMENT 


The  relation  matching  and  relation  replacement  rules  play  complementary  roles,  and  one  might  expect 
that  a  single  deductive  system  would  employ  one  or  the  other  rule  but  not  both.  After  all,  in  clausal  equality 
systems,  paramodulation  and  a  variant  of  E-resolution  have  each  been  shown  to  be  complete  (Anderson  [70], 
Digricoli  [83],  and  Brand  [75])  without  including  the  other.  Moreover,  by  incorporating  both  rules,  we  admit 
a  troublesome  redundancy:  The  same  conclusion  can  be  derived  in  several  ways. 


On  the  other  hand,  it  often  turns  out  that  a  proof  that  seems  unmotivated  or  tricky  using  only  one  of 
the  rules  seems  more  straightforward  using  a  combination  of  both.  For  instance,  in  an  example  of  a  previous 
section,  we  applied  the  resolution  rule  with  relation  matching  to  the  sentences 


7  : 


if  <JM 


then 


+ 


and 


5  • 


p(£+,fW+) 


taking  the  substitution  to  be 
6  :  (u  ♦-  t}, 

to  obtain  after  transformation 


if]  l*  /(*) 


then  notq(£). 

If  our  deduced  set  also  contains  the  sentence 


we  can  further  deduce  (by  resolution)  the  sentence 


not  q(t). 

Now  suppose  our  deductive  system  includes  the  relation  replacement  rule  but  not  the  relation-matching 
rule.  Then  to  deduce  the  same  conclusion  notq(t),  we  would  have  to  apply  the  relation  replacement  rule  to 
the  sentences 

nr 


and 


5 :  notpfFl  f[i)) 


to  obtain  (after  transformation) 


AD-A175  249  A  DEDUCTIVE  APPROACH  TO  COMPUTER  PROGRANMING(U) 

STANFORD  UNIV  CA  DEPT  OF  COMPUTER  SCIENCE  Z  MANNA  1986 
AFOSR-TR-86-2164  AFOSR-81-0014 


UNCLASSIFIED 


F/G  9/2 


NL 


7.  Strengthening 


49 


We  could  then  obtain  the  same  conclusion  ( not  g(£))  by  resolution  applied  to  this  sentence  and  the  sentence 

j  .  *7  <J(«) _ 

then  p(u,  u)  . 


Although  both  sequences  of  inference  lead  to  the  same  conclusion,  the  earlier  proof  seems  better  mo¬ 
tivated:  Each  step  is  based  on  matching  subexpressions  that  already  possess  a  high  degree  of  syntactic 
similarity.  In  contrast,  the  above  proof  seems  rather  gratuitous:  The  application  of  the  relation  replacement 
rule  is  based  on  matching  the  variable  v  with  the  constant  l.  There  is  no  reason  to  perform  this  step  except 
as  a  preparation  for  the  subsequent  resolution  step. 


Examples  can  also  be  exhibited  for  which  a  proof  employing  the  replacement  rule  is  well-motivated  but 
the  corresponding  proof  using  the  matching  rule  appears  strained.  For  instance,  in  the  theory  of  integers, 
use  of  the  =-replacement  rule  and  the  axiom  u  +  (— u)  =  0  allows  us  to  simplify  a  subterm  of  form  t  +  (— t) 
to  0.  Tf  ve  are  only  permitted  to  use  the  relation-matching  rule,  we  must  leave  the  subterm  intact,  and  hope 
that  we  attempt  to  match  it  against  a  corresponding  subterm  0  later  in  the  proof. 

We  expect  that  by  including  both  rules  together  in  a  system  we  shall  be  able  to  apply  more  restrictive 
strategies  to  each  of  them.  Consequently,  we  shall  obtain  a  smaller  search  space  than  if  we  had  included 
either  of  the  rules  separately. 


7.  STRENGTHENING 

The  relation  replacement  rule  of  Section  5  does  not  always  allow  us  to  draw  the  strongest  possible 
conclusion.  In  this  section  we  establish  a  stronger  form  of  the  polarity  replacement  lemma  and  use  it  to 
develop  a  stronger  relation-replacement  rule. 

We  motivate  the  strengthening  of  the  rule  with  an  example.  In  the  theory  of  the  integers,  suppose  our 
deduced  set  contains  the  sentences 

7  |T]  <  t 

and 

5  '■  a  <  QJ  +  2. 

Because  the  occurrence  of  a  in  §  is  positive  with  respect  to  the  less-than  relation  <,  the<-replacement  rule 
allows  us  to  replace  a  with  t  and  deduce  that  (after  transformation) 

a  <  t+  +  2. 

From  these  two  sentences,  however,  we  should  be  able  to  deduce  the  stronger  result 
CL  <C  t  +  2. 

Similarly,  from  the  sentence  a  <  t  and  not  (a  -  a  >  6),  we  should  be  able  to  deduce  not  (a  —  t  >  b)  rather 
than  merely  not  (a  -  t  >  b). 

Unfortunately,  the  rule  as  we  have  presented  it  does  not  yield  these  more  useful  conclusions;  the  strength¬ 
ened  relation-replacement  rule  will.  But  first,  we  must  introduce  some  preliminary  notions. 


THE  STRENGTHENED  POLARITY-REPLACEMENT  LEMMA 

The  strengthened  rule  depends  on  the  following  basic  result: 


50 


7.  Strengthening 


Lemma  (strengthened  polarity  replacement) 

Consider  arbitrary  expressions  e(x,y)  and  e'(x,y)  and  binary  relations  and  -<2.  The  sentence 

then  if  e{x,y)  -<2  e'(x,y) 
then  e(y,  x)  <2  e'(y,  x) 

is  valid  provided  that  the  replaced  occurrences  of  x  and  y  satisfy  the  following  strengthening  con¬ 
ditions  [in  e(x,y)  and  e'(x,y)  with  respect  to  -<i  and  -«2]: 

•  transitivity  condition 

The  relation  -<2)  the  irreflexive  restriction  of  -<2l  is  transitive. 

•  top  condition 

The  replac’d  occurrences  of  x  and  y  are  respectively  positive  and  negative  in  e(x,y)  -<2 
e'(x,y)  w.  respect  to  -<j. 

•  left-right  condition 

One  of  the  following  two  disjuncts  holds: 

The  replaced  occurrences  of  x  and  y  in  e(x,  y)  are  respectively  negative  and  positive  in 
e(x,y)  with  respect  to  and  -<2  (and  some  replacement  is  made  in  e(x,y)) 

( left  disjunct) 


or 


the  replaced  occurrences  of  i  and  y  in  «'(x,y)  are  respectively  positive  and  negative  in 
e'(x,  y)  with  respect  to  -<i  and  -<2  (and  some  replacement  is  made  in  e'(x,y)). 

(right  disjunct) 


Before  proving  this  proposition,  let  us  illustrate  it  with  an  example. 


Example  (strengthened  polarity-replacement  lemma) 

In  a  theory  that  includes  the  sets  and  the  nonnegative  integers,  take  -<!  to  be  the  proper-subset  relation 
C  over  the  sets  and  -<2  to  be  the  weak  less-than  relation  <  over  the  nonnegative  integers.  Then  -<2  is  the 
strict  less-than  relation  <. 

Consider  the  sentence 

m  card(y)  <  n  +  card(x), 

where  x  and  y  are  sets,  m  and  n  are  nonnegative  integers,  and  card(x)  is  the  cardinality  of  the  set  x. 
According  to  the  lemma,  the  sentence 

>/  i  C 

then  if  m  card(y)  <  n  +  card(x) 

then  m  card(x)  <  n  +  card(y ) 

is  valid,  because  the  replaced  occurrences  of  x  and  y  satisfy  the  strengthening  conditions  in  m  card(y)  and 
n  +  card(x)  with  respect  to  C  and  <•  1°  particular, 

•  The  relation  <  is  transitive;  hence  the  transitivity  condition  is  satisfied. 


7.  Strengthening 


51 


•  The  replaced  occurrences  of  x  and  y  are  respectively  positive  and  negative  in  mcard(y)  < 
n  +  card(x)  with  respect  to  C;  hence  the  top  condition  is  satisfied. 

•  Although  the  replaced  occurrence  of  y  is  not  positive  in  m  •  card(y)  with  respect  to  C 
and  <  (after  all,  m  could  be  0),  the  replaced  occurrence  of  x  is  positive  in  n+  card[x) 
with  respect  to  C  and  <.  Hence,  though  the  left  disjunct  of  the  left-right  condition  is  not 
satisfied,  the  right  disjunct  is. 

We  are  now  ready  to  establish  the  lemma. 

Proof  (strengthened  polarity-replacement  lemma) 

Suppose  that 

*  -*i  y  and  e(x,y)  -<2  e'(x,y), 
and  that  the  strengthening  conditions  are  satisfied. 

We  would  like  to  show  that  then 
e(y,x)  -<2  e'(y.z). 

The  left-right  condition  was  stated  as  a  disjunction  of  two  possibilities;  we  treat  each  possibility  sepa¬ 
rately. 

Case  (left  disjunct):  The  replaced  occurrences  of  x  and  y  in  e(x,y)  are  respectively  negative  and 
positive  in  e(x,y)  with  respect  to  -<i  and  -<2  (and  some  replacement  is  made  in  e(x,y)). 

In  this  case  (by  the  transitive  polarity-replacement  lemma,  because  x  y),  we  have 

e(y,  *)  -<2  «(*,  y)- 

Abo  (by  the  polarity  replacement  proposition  and  our  supposition  that  x  y  and  e(x,y)  -* 2  e'(x,y)) 
we  have 


e(x,  y)  -<2  e'(y,  i). 

(Here  we  have  only  performed  the  replacements  on  the  right-hand  side;  by  the  top  condition,  we  know  the 
replaced  occurrences  of  x  and  y  are  respectively  positive  and  negative  in  e(x,y)  -<2  e'(x,y)  with  respect  to 
-<i .)  It  follows  that 

e(x,y)  <2  e'(y,x)  or  e(s,  y)  =  e'(y,  x). 

Because  e(y,  x)  -<2  e(x,  y),  we  thus  have  (either  by  the  transitivity  of  -<2  or  the  substitutivity  of  equality) 

that 

e(y,  x)  -<2  e'(y,  x), 
as  we  wanted  to  show. 

Case  (right  disjunct):  The  replaced  occurrences  of  x  and  y  in  e'(x,y)  are  respectively  positive  and 
negative  in  e'(x,y )  with  respect  to  -<i  and  ^i2  (and  some  replacement  is  made  in  e(x,  y)). 

The  proof  in  this  case  is  entirely  symmetric  to  the  proof  in  the  previous  case. 


THE  STRENGTHENED  POLARITY-REPLACEMENT  PROPOSITION 


The  strengthened  rule  is  expressed  in  terms  of  the  following  notational  device: 


52 


7.  Strengthening 


Definition  (strengthen  accordingly) 

Suppose  x  is  a  binary  relation,  s  and  t  are  expressions  (either  both  sentences  or  both  terms),  and 
Q  is  a  sentence. 

If  we  write  Q  as  £{s+,  t~),  then  £(t+,  s_)T  denotes  the  sentence  obtained  by  replacing  certain 
positive  occurrences  of  s  with  t,  replacing  certain  negative  occurrences  of  t  with  a  (where  polarity 
is  taken  with  respect  to  -<),  and  strengthening  accordingly  as  follows: 

•  Whenever  a  replacement  is  made  in  a  positive  subsentence  of  form  e(s,t)x  e' (s,t),  where 
the  replaced  occurrences  of  s  and  t  satisfy  the  strengthening  conditions  in  e(s,  t)  and  e'{s,  t) 
with  respect  to  x  and  x,  replace  the  occurrence  of  the  symbol  -4  with  X,  the  irreflexive 
restriction  of  x. 

•  Whenever  a  replacement  is  made  in  a  negative  subsentence  of  form  e(s,  t)x  e'{s ,  t),  where 
the  replaced  occurrences  of  s  and  t  satisfy  the  strengthening  conditions  in  e(s,  t)  and  e'(s,  t) 
with  respect  to  x  and  ^ A,  replace  the  occurrence  of  the  symbol  X  with  X.  (Here  7*  and  X 
are  the  negation,  and  the  reflexive  closure,  respectively,  of  x.) 

These  conditions  may  appear  mysterious  at  this  point,  but  they  are  precisely  what  we  need  to  establish 
the  following  result,  which  tightens  up  the  polarity  replacement  proposition: 

Proposition  (strengthened  polarity  replacement) 

For  any  binary  relation  X  and  sentence  P(x+ ,  y~),  the  sentence 
» /ixj 

then  xf  P{x+,  y~) 

then  P(y+,  x~y 

is  valid. 


We  illustrate  the  proposition  with  two  examples. 


Example 

In  the  theory  of  the  positive  integers  (excluding  0),  take  X  to  be  the  proper-divides  relation  <div  and 
take  our  sentence  to  be 

P{x+,y~):  a<(z  +  l)2  or  q(x). 

Then  according  to  the  proposition,  the  sentence 

*/  x  <ti,v  y 

then  if  a  <  [x  +  l)2  or  <7(x) 

then  a  <  (y  +  l)2  or  q(x) 

is  valid.  Note  that  the  symbol  <  has  been  replaced  by  its  irreflexive  restriction  <  as  a  result  of  the  strength¬ 
ening.  This  is  because 

•  The  subsentence  a  <  (x  +  l)2  is  positive  in  P (z+ ,  y~). 

•  The  replaced  occurrence  of  1  in  a  <  (1  +  l)2  satisfies  the  strengthening  conditions  in  a 
and  (x  +  l)2  with  respect  to  and  <•  In  particular 

■  The  relation  <  is  transitive;  hence  the  transitivity  condition  is  satisfied. 


y  -ysy  ■  ’y-'y-i*  VrV> 


Gw 


7.  Strengthening 


53 


■  The  replaced  occurrence  of  x  is  positive  in  a  <  (z  +  l)2  with  respect  to  -<dxv; 
hence  the  top  condition  is  satisfied. 

■  The  replaced  occurrence  of  x  is  positive  in  (x  +  l)2  with  respect  to  -<div  and  <; 
hence  the  right  disjunct  of  the  left-right  condition  is  satisfied. 


Example 

In  a  theory  that  includes  the  lists  and  the  nonnegative  integers,  take  - <  to  be  the  tail  relation  -<taii  over 
the  lists  and  take  our  sentence  to  be 

P (x+ ,  y~)  :  if  length(xal)  <  length(y)  +  m  then  q(x,y), 

where  x,  y,  and  t  are  lists,  m  is  a  nonnegative  integer,  and  length(l)  is  the  number  of  elements  in  the  list  l. 
Then  according  to  the  proposition,  the  sentence 

»/  x  -<tau  y 

then  if  if  length(x  □  £)  <  length(y)  +  m  then  q(x,  y) 

then  if  length(y  □  l)  <  length(x)  +  m  then  q(x,  y) 

is  valid.  Note  that  here  the  symbol  <  has  been  replaced  by  <  as  a  result  of  the  strengthening.  This  is 
because 

•  The  subsentence  length[x  □  t)  <  length[y)  +  m  is  negative  in  P(x+,  y~). 

•  The  replaced  occurrences  of  x  and  y  satisfy  the  strengthening  conditions  in  length(x  □  £) 
and  Ungth[y)  +  m  with  respect  to  -<tau  and  ft,  that  is  >.  In  particular 

■  The  relation  >,  the  irreflexive  restriction  of  >,  is  transitive;  hence  the  transitivity 
condition  is  satisfied. 

■  The  replaced  occurrences  of  x  and  y  are  positive  and  negative,  respectively,  in 

the  sentence  length(x  □  £)  >  length(y)  +  m  with  respect  to  hence  the  top 

condition  is  satisfied. 

■  The  replaced  occurrence  of  x  is  negative  in  length(x  □  £)  with  respect  to  -<tau 

and  >;  hence  the  left  disjunct  of  the  left-right  condition  is  satisfied.  (As  it  turns 
out,  the  replaced  occurrence  of  y  is  also  negative  in  length(y)  +  m  with  respect 
to  and  >;  hence  the  right  disjunct  is  also  satisfied.)  ^ 


Let  us  now  prove  the  proposition. 


Proof  (strengthened  polarity-replacement  proposition) 

We  suppose  that 

x  -t  y  and  P(x  +  ,  y  ), 
and  show  that  then 

p(y+,  x-y. 

The  sentence  P (y+  ,  x”)1  is  obtained  from  P (x+ ,  y~)  by  replacing  certain  subexpressions  with  others.  We 
show  that  each  of  these  replacements  makes  the  sentence  “truer,”  in  the  sense  that  it  produces  a  sentence 
implied  by  the  original. 

We  consider  separately  three  kinds  of  replacement: 


64 


7.  Strengthening 


•  Replacing  a  positive  subsentence  of  form  e(x,  y )-«  e'(x,  y)  with  e(y,  x)-<  e'(y,  x),  where  the  replaced 
occurrences  of  x  and  y  satisfy  the  strengthening  conditions  in  e(x,  y)  and  e'(x,  y)  with  respect  to  -4 
and 

In  this  case,  because  x  -4  y,  we  have  (by  the  strengthened  polarity-replacement  lemma)  that 

if  e(x,y)  3  e'(x,y) 
then  e(y,  x)  3  e'(y,  x). 

Therefore,  because  the  replaced  occurrence  of  e(x,y)-4  e'(x,y)  is  positive  in  P(x+,  y_),  we  know  (by  the 
original  polarity-replacement  proposition)  that  replacing  it  with  the  “truer”  subsentence  e(y,  x)x  e'(y,x) 
makes  the  entire  sentence  truer. 

•  Replacing  a  negative  subsentence  of  form  e(x,  y)4  e'(x,  y),  with  e(y,  x)^  e'(y,  x),  where  the  replaced 
occurrences  of  x  and  y  satisfy  the  strengthening  conditions  in  e(x,y)  and  e'(x,y)  with  respect  to  -4 
and  7<  (the  negation  of  ^<). 

In  this  case,  because  x  -<  y,  we  have  (by  the  strengthened  polarity-replacement  lemma,  recalling  that  yf 
is  the  irreflexive  restriction  of 

if  e(x,y)-A  e'{x,y) 
then  <(y,  x)9  e'{y,x) 

or,  equivalently  (taking  the  contrapositive), 

*/  t(y,x)  5  e'(y,x) 
then  e(x,  y)  ^  e'(x,  y). 

Therefore,  because  the  replaced  occurrence  of  e(x,y)4  e'(x,y)  is  negative  in  P(x+,  y~),  we  know  (by  the 
original  polarity-replacement  proposition)  that  replacing  it  with  the  “falser”  sentence  e(y,  x)-4  e' (y,  x)  will 
make  the  entire  sentence  falser. 

•  Replacing  a  positive  occurrence  of  x  with  y  or  a  negative  occurrence  of  y  with  x,  where  polarity  is 
with  respect  to  -4  and  where  the  replaced  occurrence  is  not  within  the  scope  of  any  strengthened 
relation 

In  this  case,  the  replacement  makes  the  sentence  “truer,”  by  the  original  polarity-replacement  proposi¬ 
tion. 


THE  GROUND  VERSION 

We  can  now  express  the  stronger  version  of  the  relation  replacement  rule.  The  ground  version  of  the 
rule  is  as  follows: 


Rule  (strengthened  relation  replacement,  ground  version) 


For  any  binary  relation  ground  expressions  s  and  t,  and  ground  sentences  7\s  4  t]  and  £(s+ ,  t  ), 
we  have 


7\s  4  t] 

5(*\  n 


7\false\  or  ${t+,  s  )T 


1 

iSl 


isa? 


I 


m 


7.  Strengthening 


Here  £(t+ ,  a_)T  is  the  result  of  replacing  certain  positive  occurrences  of  a  with  t,  replacing  certain 
negative  occurrences  of  t  with  a,  and  strengthening  accordingly,  where  polarity  is  taken  in  £(s+,  t~) 
with  respect  to  -<f.  We  assume  that  at  least  one  replacement  is  made. 

Let  us  illustrate  the  ground  version  of  the  rule  with  two  examples. 


Example 

In  the  theory  of  the  positive  integers  (excluding  0),  suppose  our  deduced  set  contains  the  sentences 
7  :  if  p(s)  then  [T]  -<div  t 

and 

9  =  a  <  ([  «  f  +  l)2  or  ?(«). 

where  -<div  is  the  proper  divides  relation.  Then  we  can  apply  the  strengthened  -•^-replacement  rule  to 
replace  the  boxed  occurrence  of  s  in  9  with  t  and  to  strengthen  accordingly,  obtaining 

if  p(s)  then  false 
or 

a  <  (t  +  l)2  or  q(s). 

This  sentence  reduces  under  transformation  to 
(no'  p(a))  or  a  <  (t  +  l)2  or  q(s). 

The  relation  symbol  <  was  replaced  by  its  irreflexive  restriction  <  because  a  <  (s  +  l)2  is  positive  and 
because  a  and  t  satisfy  the  strengthening  conditions  in  a  and  (a  +  l)2  with  respect  to  -<div  and  <,  as  we 
have  seen  in  a  previous  example. 


Example 


In  a  theory  that  includes  the  sets  and  the  nonnegative  integers,  suppose  our  deduced  set  contains  the 


sentences 


7  p(a,  t )  or  \7]c[7] 

411*1 

9  not  ^ q[s,t )  and  m  card(  |  a  j*  )  <  n  +  card([TJ~  , 

«  »n  I  t  ire  sets,  m  and  n  are  nonnegative  integers,  and  card(s)  is  the  cardinality  of  the  set  a.  Then 
in  ,»pplv  the  strengthened  C-replacement  rule  to  replace  the  boxed  occurrences  of  a  with  t  and  t  with 
m  t  t.i  st lengthen  accordingly,  obtaining 

;(“,()  nr  false 
or 

not(,/(s,t)  and  rn  card(t)  <  n  +  card(s)^j  , 

that  is  (after  transformation), 
p(s,t)  or 

not  and  m  card(t)  <  n  +  card(a)^  . 


56 


7.  Strengthening 


The  relation  symbol  <  has  been  replaced  by  its  reflexive  closure  <  because  m  card(s)  <  n  +  card(t)  is 
negative  and  because  s  and  t  satisfy  the  strengthening  conditions  in  m  card (s)  and  n  +  card(t)  with  respect 
to  C  and  ft,  that  is,  >.  In  particular, 

•  The  irreflexive  restriction  >  of  >  is  transitive;  hence  the  transitiiity  condition  is  satisfied. 

•  The  replaced  occurrences  of  s  and  t  are  respectively  positive  and  negative  in  m  card(s)  < 
n  +  card(t)  with  respect  to  C  and  >;  hence  the  top  condition  is  satisfied. 

•  The  replaced  occurrence  of  t  is  negative  in  n  +  card[t)  with  respect  to  C  and  >;  hence  the 
right  disjunct  of  the  left-right  condition  is  satisfied. 

Let  us  now  establish  the  soundness  of  the  rule. 

Justification  (relation  replacement  rule,  ground  version) 

The  proof  resembles  the  justification  of  the  original  relation-replacement  rule. 

We  suppose  that  the  given  sentences  7{$  -4  t]  and  §(s+ ,  t~)  are  true  and  show  that  the  newly  deduced 
sentence  [7[false]  or  $(t+ ,  s~)T)  is  also  true.  We  distinguish  between  two  cases  and  show  that  in  each  case 
one  of  the  two  disjuncts,  7\false\  or  £(t+ ,  s_)T,  is  true. 

In  the  case  in  which  the  subsentence  3  -4  t  is  false,  we  know  (by  the  value  property,  because  s  -4  t  and 
false  have  the  same  truth  value  and  7\s  -4  t]  is  true)  that  the  first  of  the  disjuncts,  7\false\,  is  true. 

In  the  case  in  which  s  -4  t  is  true,  we  know  (by  the  strengthened  polarity-replacement  proposition, 
because  §(s+,  t~)  is  true)  that  the  second  of  the  disjuncts,  §(t+,  s_)T,  is  true. 


THE  GENERAL  VERSION 

The  general  version  of  the  rule  allows  us  to  instantiate  the  variables  of  the  sentences  as  necessary  to 
create  common  subexpressions. 

Rule  (strengthened  relation  replacement,  general  version) 

For  any  binary  relation  -4,  expressions  s,  t,  S',  and  t,  and  sentences  7\s  -4  t]  and  £J(3'+,  *+)>  where 
7  and  §  are  standardized  apart,  we  have 

7\s  -4  t) 

5(s+-  t~) 

76[false]  or  §d(td+,  s9~)\ 

where  6  is  a  simultaneous,  most-general  unifier  of  s,  s  and  of  t,  t. 

As  usual,  to  apply  the  general  version  of  the  rule  to  sentences  7  and  Q,  we  apply  its  ground  version  to  76 
and  Q9.  The  justification,  which  is  straightforward,  is  omitted.  As  before,  the  polarity  strategy  for  the  rule 
allows  us  to  assume  that  a  least  one  occurrence  of  the  subsentence  (s  -4  t)6  is  positive  or  of  no  polarity  in 

76. 


8.  Extensions 


57 


8.  EXTENSIONS 

The  concepts  in  this  paper  are  being  extended  in  several  directions.  We  briefly  indicate  several  of  these 

here. 


EXPLICIT  QUANTIFIERS 

The  system  we  have  described  deals  with  sentences  that  have  had  their  quantifiers  removed  by  skolem- 
ization.  It  is  impossible,  however,  to  remove  quantifiers  that  occur  within  the  scope  of  an  equivalence  (=) 
connective  or  in  the  t/-clause  of  a  conditional  ( if-then-else )  connective  without  first  paraphrasing  the  con¬ 
nective  in  terms  of  others.  If  several  of  these  connectives  are  nested,  the  paraphrased  sentence  becomes 
alarmingly  complex. 

In  an  earlier  work  (Manna  and  Waldinger  [82}) ,  we  extend  the  deductive  system  to  sentences  that 
may  have  some  of  their  quantifiers  intact.  In  many  cases,  we  can  complete  the  proof  without  removing  all 
the  quantifiers.  If  these  quantifiers  are  in  equivalences  or  t/-clauses,  we  need  not  paraphrase  the  offending 
connectives.  Thus,  we  not  only  retain  the  form  of  the  original  sentence,  but  also  can  use  the  equivalences 
we  retain  in  applying  the  equivalence  replacement  rule. 


POLARITY  WITH  RESPECT  TO  AN  EXPRESSION 

We  have  used  the  notion  of  polarity  with  respect  to  a  relation.  Because  a  function  is  a  special  case  of 
a  relation,  we  can  define  polarity  with  respect  to  a  function  accordingly.  Rather  than  restricting  ourselves 
to  the  functions  denoted  by  the  function  symbols  in  our  deduced  set,  we  prefer  to  consider  the  functions 
corresponding  to  particular  expressions  in  the  set. 

Roughly  speaking,  suppose  e[s]  is  a  ground  term;  then  e[s]  corresponds  to  a  binary  relation  — <ej a)  defined 
by  the  sentence 

*  -M«l  y  =  e[z]  =  y- 

We  may  define  polarity  with  respect  to  -<<.[,)  just  as  we  would  with  respect  to  any  binary  relation. 

For  example,  in  the  theory  of  the  integers,  the  relation  — <eja]  corresponding  to  the  term  e[s]  :  s  +  1  is 
defined  by  the  sentence 

x  -<e|,|  y  =  x  +  1  =  y. 

(In  fact,  this  relation  turns  out  to  be  the  predecessor  relation  -<pred  we  have  seen  earlier.)  The  relation 
natnum(x),  which  holds  if  x  is  a  nonnegative  integer  (natural  number),  is  positive  over  its  argument  with 
respect  to  for  we  have 

*/ 1  -M»i  y 

then  i /  nalnum(x) 

then  natnum(y). 

We  can  then  establish  an  expression  replacement  rule  analogous  to  our  relation  replacement  rule;  i.e. , 
in  the  ground  version: 

For  any  expressions  s  and  ejs]  and  ground  sentence  G(s+,  e[s]~),  we  have 


58 


8.  Extensions 


Here  5(el3!+>  a_)T  is  obtained  from  S(s+ ,  e[s] — )  by  replacing  certain  positive  occurrences  of  s  with  e[sj, 
replacing  certain  negative  occurrences  of  e[s]  with  s,  and  strengthening  accordingly,  where  polarity  is  taken 
in  §(s  +  ,  cf a J — }  with  respect  to 

For  example,  in  the  theory  of  the  integers,  if  our  deduced  set  contains  the  sentence 
$  :  not  [natnum((s  +  l)-)] 
we  may  deduce  the  sentence 
not  [natnum(s)] , 

because  the  occurrence  of  3  +  1  is  negative  in  $  with  respect  to  the  relation  corresponding  to  the  expression 

3  +  1. 

We  can  also  define  expression-matching  rules  analogous  to  our  relation-matching  rule. 

For  example,  in  the  theory  of  lists,  suppose  our  deduced  set  contains  the  sentences 


$  :  not  (jag  (60  s)+~  ). 

Here  the  term  60s  is  the  result  of  inserting  the  element  6  before  the  first  element  of  the  list  s.  By  the  resolution 
rule  with  expression  matching,  whose  precise  statement  we  omit,  we  may  deduce  (after  transformation),  the 
contradiction  false,  because  s  is  positive  in  the  boxed  sentence  a  6  s  with  respect  to  the  relation  corresponding 
to  6  o  3. 


CONDITIONAL  POLARITY 


Sometimes  it  is  convenient  to  extend  the  notion  of  polarity  to  depend  on  the  truth  of  certain  conditions. 
For  example,  in  the  theory  of  integers  (including  negative  integers)  with  respect  to  the  relation  <,  the 
occurrence  of  s  in  the  sentence 

a  <  b  3 

might  be  regarded  as  positive  if  6  is  nonnegative  and  negative  if  6  is  nonpositive.  (If  6  is  0,  the  occurrence 
might  have  both  polarities).  We  could  then  adapt  the  relation  replacement  and  relation  matching  rules  to 
use  this  conditional  polarity,  imposing  the  appropriate  conditions  on  whatever  conclusion  they  draw. 

More  precisely,  we  define  the  notion  of  conditional  polarity  so  that  if  1  and  y  are  respectively  positive 
and  negative  in  P (x+ ,  y~)  with  respect  to  the  binary  relation  -*  subject  to  the  condition  )!{x,  y,  Q],  then  the 
sentence 

*/  x  -4  y 

P  x ,  y,  then  if  P(x+,  y~) 

then  P(y+,  x“)r 

is  valid.  Here  Q  denotes  an  arbitrary  sentence;  the  indicated  polarities  of  the  replaced  occurrences  of  x  and 
y  are  subject  to  the  condition  M\x,y,  fi]. 

For  example,  according  to  this  notion  of  conditional  polarity,  in  the  theory  of  the  integers,  the  occurrence 
of  1  in  the  sentence 

a  <  b  +  x2 


8.  Extensions 


59 


is  positive  with  respect  to  the  relation  <  subject  to  the  condition 
wr  if  x>  0 


then  Q. 


Consequently,  we  have  that  the  sentence 

if  x  >  0 
then  xf  x  <  y 

then  if  a  <  b  +  x2 

then  a  <  b  +  y2 

is  valid.  The  relation  <  was  replaced  by  <  as  the  result  of  strengthening. 

In  terms  of  this  notion,  we  can  introduce  conditional  versions  of  the  relation  replacement  rule  and 
relation-matching  rules.  In  particular,  we  have  the  conditional  relation-replacement  rule,  i.e.,  in  the  ground 
version: 

For  any  binary  relation  -i,  ground  expressions  s  and  t,  and  ground  sentences  7\s  -<  t]  and  £(s+,  t~), 
we  have 

7\s  -i  t ] 

S(°+,t~) _ 

M[s,t,  false]  or  7\false ]  or  §(t+, 

Here  the  indicated  polarities  of  the  replaced  occurrences  of  s  and  t  are  subject  to  the  condition 

For  example,  in  the  theory  of  the  integers,  suppose  our  deduced  set  contains  the  sentences 

j  .  if  r(s,  t) 
then  s  <  t 


§  :  a  <  b  9. 

Note  that  the  occurrence  of  s  in  Q  is  positive  with  respect  to  the  relation  <  subject  to  the  condition 
if  b>  0 

then  Q. 

Therefore,  according  to  the  conditional  <-replacement  rule,  we  may  deduce 


xf  b  >  0 
then  false 


r(s,  t) 

,  ,  or  a 
en  false 


<  b  ■  t, 


which  reduces  under  transformation  to 


( not  (b  >  0))  or  (  not  Mm)))  or  a  <  b  ■  t. 

The  conditional  relation-matching  rules  are  analogous.  Of  course  these  rules  can  be  extended  to  apply 
to  conditional  polarity  with  respect  to  ;>n  expression  rather  than  a  relation. 


PLANNING  AND  THE  FRAME  PROBLEM 


Theorem-proving  techniques  have  often  been  applied  to  problems  in  automatic  planning.  One  approach 
to  this  application  has  been  the  formulation  of  a  situational  logic,  a  theory  in  which  states  of  the  world  are 


60 


8.  Extensions 


regarded  as  domain  elements,  denoted  by  terms.  Typically,  an  action  in  a  plan  is  represented  as  a  function 
mapping  states  into  other  states.  The  effects  of  an  action  can  be  described  by  axioms. 

For  example,  the  primary  effect  of  putting  one  block  on  top  of  another  is  expressed  by  an  axiom  such  as 

if  clcar(x,w)  and  clear(y,w ) 
then  on(x,y,puton(x,y,  «"))• 

In  other  words,  if  block  x  is  put  on  block  y  in  a  state  t u,  then  x  will  indeed  be  on  y  in  the  resulting  state 
puton(x,y,w).  The  antecedent  expresses  the  preconditions  that  x  and  y  be  clear  before  x  can  be  put  on  y: 
in  other  words,  no  block  can  be  on  x  or  on  y.  (The  conventional  blocks-world  hand  can  move  only  one  block 
at  a  time.) 

In  a  situational  logic,  a  problem  may  be  expressed  as  a  theorem  to  be  proved.  For  example,  the  problem 
of  achieving  the  condition  that  block  a  is  on  block  b  and  block  b  is  on  block  c  might  be  phrased  as  the 
theorem 

(3  )  [on(a,  b,  z)  and  on(6,c,z)|. 

The  frame  problem,  which  occurs  when  planning  problems  are  approached  in  this  way,  is  connected  with 
the  requirement  that  we  need  to  express  not  only  what  conditions  are  altered  by  a  given  action,  but  also 
what  conditions  are  unchanged.  For  example,  in  addition  to  the  primary  effect  of  putting  one  block  on  top 
of  another,  we  must  state  explicitly  that  this  action  has  no  effect  on  other  relations,  such  as  color;  otherwise, 
we  shall  have  no  way  of  deducing  that  the  color  of  a  block  after  the  action  is  the  same  as  its  color  before. 
Therefore,  we  must  include  in  our  deduced  set  the  frame  axiom 

if  clear(x,w)  and  clear(y,w) 
then  if  color(z,  u,  w ) 

then  color (z,  u,  puton(x,  y,  u>)) . 

In  other  words,  if  the  action  of  putting  block  i  on  top  of  block  y  is  legal  and  if  block  z  is  of  color  u  in  state 
w,  then  z  will  also  be  of  color  u  in  the  resulting  state  puton{x,  y,  w).  If  our  deduced  set  contains  the  sentence 

not  (color  (c,  red,  puton(a,  b,s))), 

we  can  then  apply  the  resolution  rule  to  the  frame  axiom  and  this  sentence  to  deduce  (after  transformation) 

(not  (clear(a,  s)))  or  (not  (clear(b,  s)))  or  (not  (color(c,  red,  s))) . 

We  need  a  separate  frame  axiom  not  only  for  the  color  of  blocks,  but  also  their  size,  shape,  surface 
texture,  and  any  other  attributes  we  wish  to  discuss  in  our  theory.  Adding  all  the  frame  axioms  to  our 
deduced  set  aggravates  the  search  problem,  because  the  axioms  have  many  consequences  irrelevant  to  the 
problem  at  hand. 

By  use  of  the  conditional  expression  rules,  we  can  drop  all  the  frame  axioms  from  our  deduced  set. 
For  example,  to  paraphrase  the  above  axiom  we  can  declare  that  the  relation  color(z,  u,  w)  is  positive  with 
respect  to  the  relation  corresponding  to  the  expression  e[tu]  :  puton(x,  y,  w)  subject  to  the  condition 

jofpi  ,  Q  ■  >/  clear  (x,w }  and  clear(y,  xv) 

then  Q. 

If  our  deduced  set  again  contains  the  sentence 
not  (color  (c,  red,  puton(a,  b,  s)  )) , 

we  can  then  apply  the  conditional  expression-replacement  rule  to  deduce 

(not  (cleared,  »)) )  nr  (not  (clear(b,  s)))  or  (not  (color(c,  red,  ?))) 

as  before,  without,  requiring  the  frame  axiom.  Of  course,  the  information  that  certain  actions  and  relations 
are  independent  must  still  be  expressed,  but  this  can  be  done  by  polarity  declarations  rather  than  by  axioms. 


9.  Discussion 


61 


9.  DISCUSSION 


The  theorem-proving  system  we  have  presented  3as  been  motivated  by  our  work  in  program  synthesis, 
and  the  best  examples  we  have  of  its  use  are  in  th.s  domain.  We  have  used  the  system  to  write  detailed 
derivations  for  programs  over  the  integers  and  real  numbers,  the  lists,  the  sets,  and  other  structures.  These 
derivations  are  concise  and  easy  to  follow:  they  reflect  intuitive  derivations  of  the  same  programs.  A  paper 
by  TVaugott  [85 j  describes  the  application  of  this  system  to  the  derivation  of  several  sorting  programs.  A 
paper  by  Manna  and  Waldinger  [85]  describes  the  derivation  of  several  binary-search  programs.  Our  earlier 
informal  derivation  of  the  unification  algorithm  (Manna  and  Waldinger  [81])  can  be  expressed  formally  in 
this  system. 

An  interactive  implementation  of  the  basic  nonclausal  theorem-proving  system  was  completed  by  Malachi 
and  has  been  extended  by  Bronstein  to  include  some  of  the  relation  rules.  An  entirely  automatic  imple¬ 
mentation  is  being  contemplated.  The  relation  rules  will  also  be  valuable  for  proving  purely  mathematical 
theorems.  For  this  purpose  they  may  be  incorporated  into  clausal  as  well  as  nonclausal  theorem-proving 
systems. 

Theorem  provers  have  exhibited  superhuman  abilities  in  limited  subject  domains,  but  seem  least  com¬ 
petent  in  areas  in  which  human  intuition  is  best  developed.  One  reason  for  this  is  that  an  axiomatic 
formalization  obscures  the  simplicity  of  the  subject  area;  facts  that  a  person  would  consider  too  obvious  to 
require  saying  in  an  intuitive  argument  must  be  stated  explicitly  and  dealt  with  in  the  corresponding  formal 
proof.  A  person  who  is  easily  able  to  conduct  the  argument  informally  may  well  be  unable  to  understand 
the  formal  proof,  let  alone  to  produce  it. 

Our  work  in  special  relations  is  part  of  a  continuing  effort  to  make  formal  theorem  proving  resemble 
intuitive  reasoning.  In  the  kind  of  system  we  envision,  proofs  are  shorter,  the  search  space  is  compressed, 
and  heuristics  based  on  human  intuition  become  applicable. 


ACKNOWLEDGEMENTS 


The  authors  would  like  to  thank  Martin  Abadi,  Alex  Bronstein,  Tomas  Feder,  Eric  Muller,  Neil  Murray, 
David  Plaisted,  Mark  Stickel,  Jon  Traugott,  and  Frank  Yellin  for  their  suggestions  and  careful  reading.  Jon 
Traugott  suggested  extending  the  notion  of  polarity  from  one  relation  to  two,  making  the  rules  more  powerful 
and  the  exposition  simpler;  he  also  proposed  the  extended  notions  of  polarity  with  respect  to  an  expression 
and  conditional  polarity.  The  manuscript  was  prepared  by  Evelyn  Eldridge-Diaz  with  the  TgX  typesetting 
system. 


REFERENCES 

Anderson  [70] 

R.  Anderson,  Completeness  results  for  El-resolution,  AFIPS  Spring  Joint  Computer  Conference, 
1970,  pp.  652-656. 

Boyer  and  Moore  [79] 

R.  S.  Boyer  and  J  S.  Moore,  A  Computational  Logic,  Academic  Press,  New  York,  N.Y.,  1979. 
Brand  [75] 

D.  Brand,  Proving  theorems  with  the  modification  method,  SIAM  Journal  of  Computing,  Vol.  4, 
No.  2,  1975,  pp.  412-430. 

Chang  and  Lee  [73] 


**  ‘r“  .v'  .  eSL.  af  -  g".  m1*- wl.alj  Mm.  i  .n*  A^u. C*  mVm  A  M A  -  ....  .  .A. 


62 


9.  Discussion 


C.  L.  Chang  and  R.  C.  Lee,  Symbolic  Logic  and  Mechanical  Theorem  Proving ,  Academic  Press, 
New  York,  N.Y.,  1973. 

Digricoli  [83 j 

V.  Digricoli,  Resolution  By  Unification  and  Equality,  Ph.D.  thesis,  New  York  University,  New  York, 
N.Y.,  1983. 

Kowalski  [79] 

R.  Kowalski,  Logic  for  Problem  Solving,  North  Holland,  New  York,  N.Y.,  1979. 

Loveland  [78] 

D.  W.  Loveland,  Automated  Theorem  Proving:  A  Logical  Basis,  North-Holland,  New  York,  N.Y., 
1978. 

Manna  and  Waldinger  }80j 

Z.  Manna  and  R.  Waldinger,  A  deductive  approach  to  program  synthesis,  ACM  Transactions  on 
Programming  Languages  and  Systems,  Vol.  2,  No.  1,  January  1980,  pp.  90-121. 

Manna  and  Waldinger  [81] 

Z.  Manna  and  R.  Waldinger,  Deductive  synthesis  of  the  unification  algorithm,  Science  of  Computer 
Programming,  Vol.  1,  1981,  pp.  5-48. 

Manna  and  Waldinger  [82] 

Z.  Manna  and  R.  Waldinger,  Special  relations  in  program-synthetic  deduction,  Technical  Report, 
Computer  Science  Department,  Stanford  University,  Stanford,  Calif.,  and  Artificial  Intelligence 
Center,  SRI  International,  Menlo  Park,  Calif.,  March  1982. 

Manna,  Z.,  and  R.  Waldinger  [85a] 

The  Logical  Basis  for  Computer  Programming,  Addison- Wesley,  Reading,  Mass.,  Volume  1:  Deduc¬ 
tive  Reasoning  (1985),  Volume  2:  Deductive  Techniques  (to  appear). 

Manna,  Z.,  and  R.  Waldinger  [85b] 

The  origin  of  the  binary-search  paradigm,  Ninth  International  Joint  Conference  on  Artificial  Intel¬ 
ligence,  Los  Angeles,  August  1985. 

Morris  [69] 

J.  B.  Morris,  El- resolution:  extension  of  resolution  to  include  the  equality  relation,  International 
Joint  Conference  on  Artificial  Intelligence,  Washington,  D.C.,  May  1969,  pp.  287-294. 

Murray  [82] 

N.  V.  Murray,  Completely  nonclausal  theorem  proving,  Artificial  Intelligence,  Vol.  18,  No.  1,  1982, 
pp.  67-85. 

Robinson  [65] 

J.  A.  Robinson,  A  machine-oriented  logic  based  on  the  resolution  principle,  Journal  of  the  ACM, 
Vol.  12,  No.  1,  January  1965,  pp.  23-41. 

Robinson  [79| 

J.  A.  Robinson,  Logic:  Form  and  Function,  North-Holland,  New  York,  N.Y.,  1979. 

Stickel  [82] 

M.  E.  Stickel,  A  nonclausal  connection-graph  resolution  theorem-proving  program.  National  Con¬ 
ference  on  AI,  Pittsburgh,  Pa.,  1982,  pp.  229-233. 

Traugott  [85] 

J.  Traugott,  Deductive  synthesis  of  sorting  algorithms,  Technical  Report,  Computer  Science  De¬ 
partment,  Stanford  University,  Stanford,  Calif,  (forthcoming). 


9.  Discussion 


Wos  and  Robinson  [69] 

L.  Wos  and  G.  Robinson,  Paramodulation  and  theorem  proving  in  first  order  theories  with  equality, 
in  Machine  Intelligence  4  (B.  Meltzer  and  D.  Michie,  editors)  American  Elsevier,  New  York,  N.Y., 
1969,  pp.  135-150. 


